build: Kill sandbox when flatpak build dies

This ensures that no processes from the build lives
past the return of the build itself, which might
accidentally happen.

We still allow apps to stay around after the regular
flatpak run command finished though, as this is sometimes
done on purpose.

app/flatpak-builtins-build.c

@@ -269,7 +269,9 @@ flatpak_builtin_build (int argc, char **argv, GCancellable *cancellable, GError
   argv_array = g_ptr_array_new_with_free_func (g_free);
   g_ptr_array_add (argv_array, g_strdup (flatpak_get_bwrap ()));
 
-  run_flags = FLATPAK_RUN_FLAG_DEVEL | FLATPAK_RUN_FLAG_NO_SESSION_HELPER | FLATPAK_RUN_FLAG_SET_PERSONALITY;
+  run_flags =
+    FLATPAK_RUN_FLAG_DEVEL | FLATPAK_RUN_FLAG_NO_SESSION_HELPER |
+    FLATPAK_RUN_FLAG_SET_PERSONALITY | FLATPAK_RUN_FLAG_DIE_WITH_PARENT;
   if (custom_usr)
     run_flags |= FLATPAK_RUN_FLAG_WRITABLE_ETC;
 

common/flatpak-run.c

@@ -4182,6 +4182,11 @@ flatpak_run_setup_base_argv (GPtrArray      *argv_array,
             "--ro-bind", "/sys/devices", "/sys/devices",
             NULL);
 
+  if (flags & FLATPAK_RUN_FLAG_DIE_WITH_PARENT)
+    add_args (argv_array,
+              "--die-with-parent",
+              NULL);
+
   if (flags & FLATPAK_RUN_FLAG_WRITABLE_ETC)
     add_args (argv_array,
               "--dir", "/usr/etc",

common/flatpak-run.h

@@ -86,6 +86,7 @@ typedef enum {
   FLATPAK_RUN_FLAG_NO_SYSTEM_BUS_PROXY = (1 << 8),
   FLATPAK_RUN_FLAG_SET_PERSONALITY    = (1 << 9),
   FLATPAK_RUN_FLAG_FILE_FORWARDING    = (1 << 10),
+  FLATPAK_RUN_FLAG_DIE_WITH_PARENT    = (1 << 11),
 } FlatpakRunFlags;
 
 typedef struct _FlatpakExports FlatpakExports;