Kill sandbox process when 'runsc do' exits

PiperOrigin-RevId: 253882115
author: Fabricio Voznika <fvoznika@google.com> 2019-06-18 15:34:58 -0700
committer: gVisor bot <gvisor-bot@google.com> 2019-06-18 15:36:17 -0700
commit: 0e07c94d545aa971bb2a05b738f856181a3ff463 (patch)
tree: f3ab1fb4288184060373a41bb79a007293394a4b /runsc/sandbox
parent: bdb19b82ef2aa1638d98da4b1c55ae7928437f55 (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/runsc/sandbox/sandbox.go b/runsc/sandbox/sandbox.go
index bf17f62d9..00b0bf659 100644
--- a/runsc/sandbox/sandbox.go
+++ b/runsc/sandbox/sandbox.go
@@ -103,6 +103,10 @@ type Args struct {
 
 	// Gcgroup is the cgroup that the sandbox is part of.
 	Cgroup *cgroup.Cgroup
+
+	// Attached indicates that the sandbox lifecycle is attached with the caller.
+	// If the caller exits, the sandbox should exit too.
+	Attached bool
 }
 
 // New creates the sandbox process. The caller must call Destroy() on the
@@ -650,6 +654,11 @@ func (s *Sandbox) createSandboxProcess(conf *boot.Config, args *Args, startSyncF
 		log.Debugf("Donating FD %d: %q", i+3, f.Name())
 	}
 
+	if args.Attached {
+		// Kill sandbox if parent process exits in attached mode.
+		cmd.SysProcAttr.Pdeathsig = syscall.SIGKILL
+	}
+
 	log.Debugf("Starting sandbox: %s %v", binPath, cmd.Args)
 	log.Debugf("SysProcAttr: %+v", cmd.SysProcAttr)
 	if err := specutils.StartInNS(cmd, nss); err != nil {
author	Fabricio Voznika <fvoznika@google.com>	2019-06-18 15:34:58 -0700
committer	gVisor bot <gvisor-bot@google.com>	2019-06-18 15:36:17 -0700
commit	0e07c94d545aa971bb2a05b738f856181a3ff463 (patch)
tree	f3ab1fb4288184060373a41bb79a007293394a4b /runsc/sandbox
parent	bdb19b82ef2aa1638d98da4b1c55ae7928437f55 (diff)