Kill off any forked processes on timeout
Previously we bwrap-ed the whole our.rb script. In this commit we switch it so that our.rb is run outside of bwrap, but every user command it executes is done inside bwrap. This allows us to use bwrap's "--die-with-parent" (along with "--unshare-pid") to kill off any forked processes when the parent processes is killed due to a timeout.main
parent
fb94656f49
commit
cb2d5aa868
|
@ -4,8 +4,8 @@ After=our.service
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=simple
|
Type=simple
|
||||||
WorkingDirectory=/home/kindrobot/spacework/our
|
WorkingDirectory=/home/kindrobot/wrk/our
|
||||||
ExecStart=/home/kindrobot/spacework/our/our.rb
|
ExecStart=/home/kindrobot/wrk/our/our.rb
|
||||||
Environment="OUR_NICK=your"
|
Environment="OUR_NICK=your"
|
||||||
Environment="OUR_CHANNELS=#bots"
|
Environment="OUR_CHANNELS=#bots"
|
||||||
Environment="OUR_CMDS_DIR=/town/our"
|
Environment="OUR_CMDS_DIR=/town/our"
|
||||||
|
|
5
our.rb
5
our.rb
|
@ -83,8 +83,6 @@ i.hook do |msg|
|
||||||
next unless msg.cmd == 'PRIVMSG'
|
next unless msg.cmd == 'PRIVMSG'
|
||||||
target, content = msg.args
|
target, content = msg.args
|
||||||
next unless content.delete_prefix! prefix
|
next unless content.delete_prefix! prefix
|
||||||
|
|
||||||
|
|
||||||
cmd, args = content.split(' ', 2)
|
cmd, args = content.split(' ', 2)
|
||||||
cmd = "#{cmds_dir}/#{cmd}"
|
cmd = "#{cmds_dir}/#{cmd}"
|
||||||
args ||= ''
|
args ||= ''
|
||||||
|
@ -93,9 +91,8 @@ i.hook do |msg|
|
||||||
i.privmsg target, "#{cmd} isn't executable. try chmod +x"
|
i.privmsg target, "#{cmd} isn't executable. try chmod +x"
|
||||||
next
|
next
|
||||||
end
|
end
|
||||||
|
|
||||||
begin
|
begin
|
||||||
Open3.popen2e(cmd, args, msg.prefix, target) do |_, stdout, wait_thread|
|
Open3.popen2e("#{__dir__}/wrap_it.sh", cmd, args, msg.prefix, target) do |_, stdout, wait_thread|
|
||||||
out = nil
|
out = nil
|
||||||
Timeout::timeout(3) do
|
Timeout::timeout(3) do
|
||||||
out = stdout.gets # only interested in the first line of output
|
out = stdout.gets # only interested in the first line of output
|
||||||
|
|
|
@ -10,4 +10,6 @@ OUR_CMDS_DIR=${OUR_CMDS_DIR:-/town/our}
|
||||||
--share-net \
|
--share-net \
|
||||||
--dev /dev \
|
--dev /dev \
|
||||||
--tmpfs /tmp \
|
--tmpfs /tmp \
|
||||||
$DIR/our.rb
|
--unshare-pid \
|
||||||
|
--die-with-parent \
|
||||||
|
"$@"
|
Loading…
Reference in New Issue