From ea4a62e1ea0de147107bef65af9fc727ea446a14 Mon Sep 17 00:00:00 2001
From: Colin Walters <walters@verbum.org>
Date: Fri, 6 Dec 2024 16:18:19 -0500
Subject: [PATCH] utils: Add a lifecycle_bind helper for Command

In almost all children we fork, we want the child to reliably
exit if we do (e.g. especially if we panic). The Linux
PR_SET_PDEATHSIG is just great for this.

Signed-off-by: Colin Walters <walters@verbum.org>
---
 Cargo.lock           |  1 +
 utils/Cargo.toml     |  1 +
 utils/src/command.rs | 17 +++++++++++++++++
 3 files changed, 19 insertions(+)

diff --git a/Cargo.lock b/Cargo.lock
index 9af198b62..df927d65d 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -210,6 +210,7 @@ name = "bootc-utils"
 version = "0.0.0"
 dependencies = [
  "anyhow",
+ "rustix",
  "serde",
  "serde_json",
  "similar-asserts",
diff --git a/utils/Cargo.toml b/utils/Cargo.toml
index 9d002e78f..6aeda593d 100644
--- a/utils/Cargo.toml
+++ b/utils/Cargo.toml
@@ -8,6 +8,7 @@ repository = "https://github.com/containers/bootc"
 
 [dependencies]
 anyhow = { workspace = true }
+rustix = { workspace = true }
 serde = { workspace = true, features = ["derive"] }
 serde_json = { workspace = true }
 tempfile = { workspace = true }
diff --git a/utils/src/command.rs b/utils/src/command.rs
index d84000515..3db7d86fd 100644
--- a/utils/src/command.rs
+++ b/utils/src/command.rs
@@ -2,6 +2,7 @@
 
 use std::{
     io::{Read, Seek},
+    os::unix::process::CommandExt,
     process::Command,
 };
 
@@ -15,6 +16,9 @@ pub trait CommandRunExt {
     /// Execute the child process.
     fn run(&mut self) -> Result<()>;
 
+    /// Ensure the child does not outlive the parent.
+    fn lifecycle_bind(&mut self) -> &mut Self;
+
     /// Execute the child process and capture its output. This uses `run` internally
     /// and will return an error if the child process exits abnormally.
     fn run_get_output(&mut self) -> Result<Box<dyn std::io::BufRead>>;
@@ -84,6 +88,19 @@ impl CommandRunExt for Command {
         self.status()?.check_status(stderr)
     }
 
+    #[allow(unsafe_code)]
+    fn lifecycle_bind(&mut self) -> &mut Self {
+        // SAFETY: This API is safe to call in a forked child.
+        unsafe {
+            self.pre_exec(|| {
+                rustix::process::set_parent_process_death_signal(Some(
+                    rustix::process::Signal::Term,
+                ))
+                .map_err(Into::into)
+            })
+        }
+    }
+
     /// Output a debug-level log message with this command.
     fn log_debug(&mut self) -> &mut Self {
         // We unconditionally log at trace level, so avoid double logging