Implement Pdeathsig behavior for child processes and enhance integration tests

fahedouch · fahedouch · commit 2ca0537e5195 · 2025-06-01T12:05:26.000+02:00
Signed-off-by: fahed dorgaa &lt;fahed.dorgaa@gmail.com&gt;
diff --git a/hack/integration-pdeathsig.sh b/hack/integration-pdeathsig.sh
@@ -4,21 +4,27 @@
 # 1. Uses rootlesskit to spawn a long-running process
 # 2. Kills the rootlesskit parent process
 # 3. Verifies that the child process is killed as expected
+# 4. Tests both with --reaper true and --reaper false
 
 source $(realpath $(dirname $0))/common.inc.sh
 
 INFO "Starting Pdeathsig test using rootlesskit..."
 
-# Create a temporary directory for test artifacts
-TEMP_DIR=$(mktemp -d)
-INFO "Created temporary directory: $TEMP_DIR"
+# Function to run the test with a specific reaper setting
+run_test() {
+    local reaper_setting=$1
+    INFO "Testing with --reaper $reaper_setting"
 
-# Create a marker file that will be touched by the child process if it's still alive
-MARKER_FILE="$TEMP_DIR/child_still_alive"
+    # Create a temporary directory for test artifacts
+    TEMP_DIR=$(mktemp -d)
+    INFO "Created temporary directory: $TEMP_DIR"
 
-# Create a script that will be executed by rootlesskit
-CHILD_SCRIPT="$TEMP_DIR/child_script.sh"
-cat > "$CHILD_SCRIPT" << 'EOF'
+    # Create a marker file that will be touched by the child process if it's still alive
+    MARKER_FILE="$TEMP_DIR/child_still_alive"
+
+    # Create a script that will be executed by rootlesskit
+    CHILD_SCRIPT="$TEMP_DIR/child_script.sh"
+    cat > "$CHILD_SCRIPT" << 'EOF'
 #!/bin/bash
 echo "Child process started with PID: $$"
 echo "Parent PID: $PPID"
@@ -50,51 +56,70 @@ echo "Child completed normally (this shouldn't happen if Pdeathsig is working)"
 touch MARKER_FILE_PLACEHOLDER
 EOF
 
-# Replace the placeholder with the actual marker file path
-sed -i "s|MARKER_FILE_PLACEHOLDER|$MARKER_FILE|g" "$CHILD_SCRIPT"
-chmod +x "$CHILD_SCRIPT"
+    # Replace the placeholder with the actual marker file path
+    sed -i "s|MARKER_FILE_PLACEHOLDER|$MARKER_FILE|g" "$CHILD_SCRIPT"
+    chmod +x "$CHILD_SCRIPT"
 
-# Start rootlesskit with the child script
-INFO "Starting rootlesskit..."
-$ROOTLESSKIT "$CHILD_SCRIPT" &
-ROOTLESSKIT_PID=$!
-INFO "Rootlesskit started with PID: $ROOTLESSKIT_PID"
+    # Start rootlesskit with the child script
+    INFO "Starting rootlesskit with --reaper $reaper_setting..."
+    if [ "$reaper_setting" = "true" ]; then
+        $ROOTLESSKIT --reaper $reaper_setting --pidns "$CHILD_SCRIPT" &
+    else
+        $ROOTLESSKIT --reaper $reaper_setting "$CHILD_SCRIPT" &
+    fi
+    ROOTLESSKIT_PID=$!
+    INFO "Rootlesskit started with PID: $ROOTLESSKIT_PID"
 
-# Wait a moment for the child to start
-sleep 2
+    # Wait a moment for the child to start
+    sleep 2
 
-# Find the child process
-CHILD_PID=$(pgrep -P $ROOTLESSKIT_PID)
-if [ -z "$CHILD_PID" ]; then
-    ERROR "Failed to find child process"
-    exit 1
-fi
-INFO "Found child process with PID: $CHILD_PID"
+    # Find the child process
+    ROOTLESSKIT_CHILD_PID=$(pgrep -P $ROOTLESSKIT_PID)
+    if [ -z "$ROOTLESSKIT_CHILD_PID" ]; then
+        ERROR "Failed to find rootlesskit child process"
+        return 1
+    fi
+    INFO "Found rootlesskit child process with PID: $ROOTLESSKIT_CHILD_PID"
+
+    # Kill the rootlesskit process
+    INFO "Killing rootlesskit process (PID: $ROOTLESSKIT_PID)..."
+    kill -9 $ROOTLESSKIT_PID
+
+    # Wait a moment for the rootlesskit child to be killed
+    sleep 2
+
+    # Check if the rootlesskit child process is still running
+    if ps -p $ROOTLESSKIT_CHILD_PID > /dev/null; then
+        ERROR "FAIL: Rootlesskit Child process (PID: $ROOTLESSKIT_CHILD_PID) is still running after rootlesskit parent was killed"
+        kill -9 $ROOTLESSKIT_CHILD_PID  # Clean up
+        return 1
+    else
+        INFO "PASS: Rootlesskit Child process (PID: $ROOTLESSKIT_CHILD_PID) was killed as expected"
+    fi
 
-# Kill the rootlesskit process
-INFO "Killing rootlesskit process (PID: $ROOTLESSKIT_PID)..."
-kill -9 $ROOTLESSKIT_PID
+    # Check if the marker file exists
+    if [ -f "$MARKER_FILE" ]; then
+        ERROR "FAIL: Marker file exists, which means the child process wasn't killed by Pdeathsig"
+        return 1
+    else
+        INFO "PASS: Marker file doesn't exist, which means the child process was killed by Pdeathsig"
+    fi
 
-# Wait a moment for the child to be killed
-sleep 2
+    INFO "Test with --reaper $reaper_setting completed successfully!"
+    rm -rf "$TEMP_DIR"
+    return 0
+}
 
-# Check if the child process is still running
-if ps -p $CHILD_PID > /dev/null; then
-    ERROR "FAIL: Child process (PID: $CHILD_PID) is still running after parent was killed"
-    kill -9 $CHILD_PID  # Clean up
+# Run tests with both reaper settings
+if ! run_test "true"; then
+    ERROR "Test with --reaper true failed"
     exit 1
-else
-    INFO "PASS: Child process (PID: $CHILD_PID) was killed as expected"
 fi
 
-# Check if the marker file exists
-if [ -f "$MARKER_FILE" ]; then
-    ERROR "FAIL: Marker file exists, which means the child process wasn't killed by Pdeathsig"
+if ! run_test "false"; then
+    ERROR "Test with --reaper false failed"
     exit 1
-else
-    INFO "PASS: Marker file doesn't exist, which means the child process was killed by Pdeathsig"
 fi
 
-INFO "Test completed successfully!"
-rm -rf "$TEMP_DIR"
+INFO "All tests completed successfully!"
 exit 0
diff --git a/pkg/child/child.go b/pkg/child/child.go
@@ -503,12 +503,24 @@ func Child(opt Opt) error {
 			return fmt.Errorf("command %v exited: %w", opt.TargetCmd, err)
 		}
 	} else {
-		if err := cmd.Start(); err != nil {
-			return fmt.Errorf("command %v exited: %w", opt.TargetCmd, err)
-		}
-		sigc := sigproxy.ForwardAllSignals(context.TODO(), cmd.Process.Pid)
-		defer sigproxysignal.StopCatch(sigc)
-		if err := cmd.Wait(); err != nil {
+		// Launch a goroutine to execute the command with Pdeathsig
+		go func() {
+			// Lock the goroutine to the OS thread
+			runtime.LockOSThread()
+			defer runtime.UnlockOSThread()
+
+			// Set the parent death signal
+			if err := unix.Prctl(unix.PR_SET_PDEATHSIG, uintptr(unix.SIGKILL), 0, 0, 0); err != nil {
+				cmdErrCh <- err
+				return
+			}
+
+			// Run the command without reaping
+			cmdErrCh <- runWithoutReap(cmd)
+		}()
+
+		// Wait for the command to complete
+		if err := <-cmdErrCh; err != nil {
 			return fmt.Errorf("command %v exited: %w", opt.TargetCmd, err)
 		}
 	}
@@ -529,6 +541,16 @@ func setMountPropagation(propagation string) error {
 	return nil
 }
 
+func runWithoutReap(cmd *exec.Cmd) error {
+	cmd.SysProcAttr.Setsid = true
+	if err := cmd.Start(); err != nil {
+		return err
+	}
+	sigc := sigproxy.ForwardAllSignals(context.TODO(), cmd.Process.Pid)
+	defer sigproxysignal.StopCatch(sigc)
+	return cmd.Wait()
+}
+
 func runAndReap(cmd *exec.Cmd) error {
 	c := make(chan os.Signal, 32)
 	signal.Notify(c, syscall.SIGCHLD)
