summary refs log tree commit diff
path: root/gnu
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2020-06-11 23:51:44 +0200
committerLudovic Courtès <ludo@gnu.org>2020-06-12 00:04:42 +0200
commitb6b95685d0b478698d648f13afd927b1e1700d99 (patch)
tree98c5ac21270ea4b0a309ad6f616f991737c7d54f /gnu
parent648ae62112f62bc2106fb36d45c83fda787d3bed (diff)
downloadguix-b6b95685d0b478698d648f13afd927b1e1700d99.tar.gz
shepherd: Unblock signals in the child process.
Fixes <https://bugs.gnu.org/41791>.
Reported by Tobias Geerinckx-Rice <me@tobias.gr>.

This change mirrors changes made in the Shepherd 0.8.1, where signals
are blocked in the shepherd process in support of 'signalfd'.  The
regression was introduced with the switch to 0.8.1 in
3f9c62d1a8b345909adaeb22f454ad22554c55a1: child processes would not
receive SIGTERM upon 'herd stop SERVICE'.

* gnu/build/shepherd.scm <top level>: Autoload (shepherd system).
(make-forkexec-constructor/container): Call call to 'sigaction' and
'unblock-signals'.
Diffstat (limited to 'gnu')
-rw-r--r--gnu/build/shepherd.scm16
1 files changed, 14 insertions, 2 deletions
diff --git a/gnu/build/shepherd.scm b/gnu/build/shepherd.scm
index 14bdf4edb8..47920a7b74 100644
--- a/gnu/build/shepherd.scm
+++ b/gnu/build/shepherd.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2017, 2018, 2019 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2017, 2018, 2019, 2020 Ludovic Courtès <ludo@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -21,6 +21,7 @@
   #:use-module (gnu build linux-container)
   #:use-module (guix build utils)
   #:use-module (srfi srfi-1)
+  #:use-module (srfi srfi-26)
   #:use-module (ice-9 match)
   #:export (make-forkexec-constructor/container))
 
@@ -91,7 +92,10 @@
 
 ;; XXX: Lazy-bind the Shepherd to avoid a compile-time dependency.
 (module-autoload! (current-module)
-                  '(shepherd service) '(read-pid-file exec-command))
+                  '(shepherd service)
+                  '(read-pid-file exec-command %precious-signals))
+(module-autoload! (current-module)
+                  '(shepherd system) '(unblock-signals))
 
 (define* (read-pid-file/container pid pid-file #:key (max-delay 5))
   "Read PID-FILE in the container namespaces of PID, which exists in a
@@ -158,6 +162,14 @@ namespace, in addition to essential bind-mounts such /proc."
     (let ((pid (run-container container-directory
                               mounts namespaces 1
                               (lambda ()
+                                ;; First restore the default handlers.
+                                (for-each (cut sigaction <> SIG_DFL)
+                                          %precious-signals)
+
+                                ;; Unblock any signals that have been blocked
+                                ;; by the parent process.
+                                (unblock-signals %precious-signals)
+
                                 (mkdir-p "/var/run")
                                 (clean-up pid-file)