From cb2d5aa8686163d44c176a586be323e20daf46d6 Mon Sep 17 00:00:00 2001 From: Stef Dunlap Date: Wed, 5 Oct 2022 23:12:24 -0400 Subject: [PATCH] Kill off any forked processes on timeout Previously we bwrap-ed the whole our.rb script. In this commit we switch it so that our.rb is run outside of bwrap, but every user command it executes is done inside bwrap. This allows us to use bwrap's "--die-with-parent" (along with "--unshare-pid") to kill off any forked processes when the parent processes is killed due to a timeout. --- our.example.service | 4 ++-- our.rb | 5 +---- start.sh => wrap_it.sh | 4 +++- 3 files changed, 6 insertions(+), 7 deletions(-) rename start.sh => wrap_it.sh (84%) diff --git a/our.example.service b/our.example.service index 94d0418..56aaf8b 100644 --- a/our.example.service +++ b/our.example.service @@ -4,8 +4,8 @@ After=our.service [Service] Type=simple -WorkingDirectory=/home/kindrobot/spacework/our -ExecStart=/home/kindrobot/spacework/our/our.rb +WorkingDirectory=/home/kindrobot/wrk/our +ExecStart=/home/kindrobot/wrk/our/our.rb Environment="OUR_NICK=your" Environment="OUR_CHANNELS=#bots" Environment="OUR_CMDS_DIR=/town/our" diff --git a/our.rb b/our.rb index e00fd65..0a8556d 100755 --- a/our.rb +++ b/our.rb @@ -83,8 +83,6 @@ i.hook do |msg| next unless msg.cmd == 'PRIVMSG' target, content = msg.args next unless content.delete_prefix! prefix - - cmd, args = content.split(' ', 2) cmd = "#{cmds_dir}/#{cmd}" args ||= '' @@ -93,9 +91,8 @@ i.hook do |msg| i.privmsg target, "#{cmd} isn't executable. try chmod +x" next end - begin - Open3.popen2e(cmd, args, msg.prefix, target) do |_, stdout, wait_thread| + Open3.popen2e("#{__dir__}/wrap_it.sh", cmd, args, msg.prefix, target) do |_, stdout, wait_thread| out = nil Timeout::timeout(3) do out = stdout.gets # only interested in the first line of output diff --git a/start.sh b/wrap_it.sh similarity index 84% rename from start.sh rename to wrap_it.sh index c9b7068..506bf56 100755 --- a/start.sh +++ b/wrap_it.sh 
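Review bot: In the second our.rb hunk, the new `Open3.popen2e("#{__dir__}/wrap_it.sh", cmd, args, msg.prefix, target)` call passes the wrapper a `cmd` path built from the first word of the IRC message (`cmd = "#{cmds_dir}/#{cmd}"` in the first hunk's context), and nothing visible restricts that word to a plain file name. A word containing `/` or `..` resolves outside `cmds_dir`. Because our.rb now runs outside bwrap, the executable check implied by the "isn't executable" message presumably sees the host filesystem, while the command itself runs against the sandbox's view. I would validate the name before building the path, for example `next unless cmd&.match?(/\A[\w-]+\z/)` right after the `split`. The enclosing `i.hook do |msg|` block starts and ends outside both hunks, so a check may already exist out of view.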
@@ -10,4 +10,6 @@ OUR_CMDS_DIR=${OUR_CMDS_DIR:-/town/our}
 --share-net \
 --dev /dev \
 --tmpfs /tmp \
- $DIR/our.rb
+ --unshare-pid \
+ --die-with-parent \
+ "$@"
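Review bot: The two added flags only work as a pair, and nothing in the script records that. A comment above the bwrap command would keep a later edit from dropping one of them, e.g. `# --die-with-parent: bwrap is killed when the process that started it exits; --unshare-pid: everything the command forked lives in bwrap's PID namespace and goes down with it`. The wrapper is now the only isolation around each IRC-triggered command, yet the visible options still include `--share-net` and show no `--new-session`. Both look worth revisiting, though the start of the bwrap invocation is outside this hunk, so other options may already cover this. The quoted `"$@"` is the right form here, since it keeps each argument our.rb passes as a single argv element.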