From 858a4b60441efd116f4fc40a23f62cafe0cfd07f Mon Sep 17 00:00:00 2001 From: Alexander Larsson Date: Thu, 4 May 2017 10:52:42 +0200 Subject: [PATCH] build: Kill sandbox when flatpak build dies This ensures that no processes from the build lives past the return of the build itself, which might accidentally happen. We still allow apps to stay around after the regular flatpak run command finished though, as this is sometimes done on purpose. --- app/flatpak-builtins-build.c | 4 +++- common/flatpak-run.c | 5 +++++ common/flatpak-run.h | 1 + 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/app/flatpak-builtins-build.c b/app/flatpak-builtins-build.c index 5db23cad..ff82f489 100644 --- a/app/flatpak-builtins-build.c +++ b/app/flatpak-builtins-build.c @@ -269,7 +269,9 @@ flatpak_builtin_build (int argc, char **argv, GCancellable *cancellable, GError argv_array = g_ptr_array_new_with_free_func (g_free); g_ptr_array_add (argv_array, g_strdup (flatpak_get_bwrap ())); - run_flags = FLATPAK_RUN_FLAG_DEVEL | FLATPAK_RUN_FLAG_NO_SESSION_HELPER | FLATPAK_RUN_FLAG_SET_PERSONALITY; + run_flags = + FLATPAK_RUN_FLAG_DEVEL | FLATPAK_RUN_FLAG_NO_SESSION_HELPER | + FLATPAK_RUN_FLAG_SET_PERSONALITY | FLATPAK_RUN_FLAG_DIE_WITH_PARENT; if (custom_usr) run_flags |= FLATPAK_RUN_FLAG_WRITABLE_ETC; diff --git a/common/flatpak-run.c b/common/flatpak-run.c index 99b1c193..2154f3b7 100644 --- a/common/flatpak-run.c +++ b/common/flatpak-run.c @@ -4182,6 +4182,11 @@ flatpak_run_setup_base_argv (GPtrArray *argv_array, "--ro-bind", "/sys/devices", "/sys/devices", NULL); + if (flags & FLATPAK_RUN_FLAG_DIE_WITH_PARENT) + add_args (argv_array, + "--die-with-parent", + NULL); + if (flags & FLATPAK_RUN_FLAG_WRITABLE_ETC) add_args (argv_array, "--dir", "/usr/etc", diff --git a/common/flatpak-run.h b/common/flatpak-run.h index 87cb2130..c545d570 100644 --- a/common/flatpak-run.h +++ b/common/flatpak-run.h @@ -86,6 +86,7 @@ typedef enum { FLATPAK_RUN_FLAG_NO_SYSTEM_BUS_PROXY = (1 << 8), FLATPAK_RUN_FLAG_SET_PERSONALITY = (1 << 9), FLATPAK_RUN_FLAG_FILE_FORWARDING = (1 << 10), + FLATPAK_RUN_FLAG_DIE_WITH_PARENT = (1 << 11), } FlatpakRunFlags; typedef struct _FlatpakExports FlatpakExports;