Skip to content

Ignore SIGINT in chroot #95360

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Ignore SIGINT in chroot #95360

wants to merge 1 commit into from

Conversation

corngood
Copy link
Contributor

Motivation for this change

I was unable to break using ctrl-c in gdb when running under chrootenv.

Things done

Ignore SIGINT in chroot after the child process is started. chrootenv is waiting for the child process, which will still receive the signal.

  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.

@corngood corngood changed the base branch from master to staging August 13, 2020 18:20
@ofborg ofborg bot added 6.topic: golang Go is a high-level general purpose programming language that is statically typed and compiled. 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 8.has: module (update) This PR changes an existing module in `nixos/` 10.rebuild-darwin-stdenv This PR causes stdenv to rebuild on Darwin and must target a staging branch. 8.has: clean-up This PR removes packages or removes other cruft 10.rebuild-darwin: 501+ This PR causes many rebuilds on Darwin and should normally target the staging branches. 10.rebuild-darwin: 5001+ This PR causes many rebuilds on Darwin and must target the staging branches. 10.rebuild-linux: 501+ This PR causes many rebuilds on Linux and should normally target the staging branches. 10.rebuild-linux: 5001+ This PR causes many rebuilds on Linux and must target the staging branches. 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin. 10.rebuild-linux: 11-100 This PR causes between 11 and 100 packages to rebuild on Linux. and removed 6.topic: golang Go is a high-level general purpose programming language that is statically typed and compiled. 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 8.has: module (update) This PR changes an existing module in `nixos/` 10.rebuild-darwin-stdenv This PR causes stdenv to rebuild on Darwin and must target a staging branch. 10.rebuild-darwin: 501+ This PR causes many rebuilds on Darwin and should normally target the staging branches. 10.rebuild-darwin: 5001+ This PR causes many rebuilds on Darwin and must target the staging branches. 10.rebuild-linux: 501+ This PR causes many rebuilds on Linux and should normally target the staging branches. 10.rebuild-linux: 5001+ This PR causes many rebuilds on Linux and must target the staging branches. labels Aug 13, 2020
@Atemu
Copy link
Member

Atemu commented Aug 14, 2020

Rebase on top of master or unstable, your patch isn't what's causing the mass rebuild and doesn't need to go into staging.

Have you tried whether your use-case works with #94442?

Result of nixpkgs-review 1

3 packages failed to build:
- houdini
- quartus-prime-lite
- steam-run-native
53 packages built:
- Sylk
- android-studio
- androidStudioPackages.beta
- androidStudioPackages.canary
- androidStudioPackages.dev
- appimage-run
- arduino-cli
- bitscope.chart
- bitscope.console
- bitscope.display
- bitscope.dso
- bitscope.logic
- bitscope.meter
- bitscope.proto
- bitscope.server
- conda
- deltachat-electron
- devdocs-desktop
- dropbox
- dropbox-cli
- esphome
- fahclient (foldingathome)
- flutter
- flutterPackages.beta
- flutterPackages.dev
- irccloud
- joplin-desktop
- kodiPlugins.steam-launcher
- ledger-live-desktop
- lightworks
- lutris
- lutris-free
- marktext
- mate.caja-dropbox
- minetime
- mist
- notable
- obsidian
- platformio
- plex
- plexamp
- runwayml
- sidequest
- ssb-patchwork
- standardnotes
- station
- steam
- steam-run
- steamcmd
- tusk
- unityhub
- wootility
- zulip

@corngood corngood changed the base branch from staging to master August 14, 2020 11:30
@corngood
Copy link
Contributor Author

Moved to master. I thought it would have more dependencies than it did...

I just did a quick test with bwrap, and it seems to have the same problem with ctrl-c. I'll set up a test and investigate a bit.

@corngood
Copy link
Contributor Author

Here's how I tested it:

$(nix-build -QE '(import <nixpkgs> {}).buildFHSUserEnv { name = "test"; targetPkgs = pkgs: [ pkgs.gdb ]; }')/bin/test -c gdb

Without this change, ctrl-c terminates chrootenv, and leaves gdb running (at least briefly).

With this change, ctrl-c gets sent only to gdb, and works as expected.

For bubblewrap:

$(nix-build -QE '(import <nixpkgs> {}).buildFHSUserEnvBubblewrap { name = "test"; targetPkgs = pkgs: [ pkgs.gdb ]; }')/bin/test -c gdb

ctrl-c appears to terminate both gdb and bwrap instantly. Looks like there's actually an issue about it:

containers/bubblewrap#369

Atemu
Atemu previously approved these changes Aug 15, 2020
View reviewed changes
Copy link
Member

@Atemu Atemu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could reproduce the bug and fix on my machine.

The other chrootenv apps I use seem to be working fine.

@SuperSandro2000 SuperSandro2000 requested a review from Mic92 January 18, 2021 12:05
Mic92
Mic92 reviewed Jan 18, 2021
View reviewed changes
pkgs/build-support/build-fhs-userenv/chrootenv/chrootenv.c Outdated
@@ -145,6 +145,8 @@ int main(gint argc, gchar **argv) {
else {
int status;

fail_if(signal(SIGINT, SIG_IGN) == SIG_ERR);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would rather make the child the forground process like this: tcsetpgrp in the child and block SIGTTOU signal in the parent. Than all signals are only forwarded to the child.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I played around with this a bit, but I couldn't find a way to do it that doesn't break ^Z.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Did ^Z work before?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It seems to work for me, with or without this PR, under zsh.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The issue so is that you can no longer stop chrootenv with ctrl-c, which also seems a problem.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

setpgid might be also required: https://www.gnu.org/software/libc/manual/html_node/Launching-Jobs.html

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, I needed setpgid, but I still couldn't get ^Z to work.

As for ^C, is there any reason chrootenv should deal with it? It seems like if it's just a wrapper, the child process should be responsible.

Copy link
Member

@Mic92 Mic92 Mar 31, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's not like it should deal with it. But it should be the child that receive those rather than the parent - Is this still the case? The way I read the code is that the parent is ignoring sigint and the child won't receive it.

Here is an alternative approach that is used in systemd:
systemd/systemd-stable@6f9c8af#diff-986d1d7b30d37ed34cd2d166891190eb817018b0a2e485e0b455486c56746f31R58

parent does ioctl(STDIN_FILENO, TIOCNOTTY) and child does setsid. According to the comments this seems to be cleaner? Regarding ctrl-z: from my understanding it should send SIGSTOP to the process that controls the terminal. Than waitpid would return WIFSIGNALED(status) == 1 and the wrapper would do a SIGSTOP on its own pid.
Here is how I handle that in cntr: https://github.com/Mic92/cntr/blob/b529dc67e27a3e1840afa6e65fd404c97e8b7321/src/attach/parent.rs#L39
This might be the more correct version because it also does SIGCONT after resuming.

@stale

This comment was marked as spam.

Sign in to view
@stale stale bot added the 2.status: stale https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md label Oct 1, 2021
@stale stale bot removed the 2.status: stale https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md label Jan 26, 2022
@ofborg ofborg bot added 10.rebuild-darwin: 1-10 This PR causes between 1 and 10 packages to rebuild on Darwin. 10.rebuild-darwin: 1 This PR causes 1 package to rebuild on Darwin. and removed 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin. labels Jan 26, 2022
@stale stale bot added the 2.status: stale https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md label Sep 21, 2022
@corngood corngood force-pushed the chrootenv-sigint branch from 39a21b7 to bc57697 Compare May 9, 2023 02:01
@stale stale bot removed the 2.status: stale https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md label May 9, 2023
@ofborg ofborg bot added 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin. 10.rebuild-linux: 1-10 This PR causes between 1 and 10 packages to rebuild on Linux. and removed 10.rebuild-darwin: 1 This PR causes 1 package to rebuild on Darwin. 10.rebuild-darwin: 1-10 This PR causes between 1 and 10 packages to rebuild on Darwin. 10.rebuild-linux: 11-100 This PR causes between 11 and 100 packages to rebuild on Linux. labels May 9, 2023
@Atemu Atemu dismissed their stale review August 25, 2023 12:24

Outdated

@wegank wegank added the 2.status: stale https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md label Mar 19, 2024
@corngood corngood force-pushed the chrootenv-sigint branch from 52c170f to dce454c Compare May 15, 2024 00:43
@stale stale bot removed the 2.status: stale https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md label May 15, 2024
@wegank wegank added the 2.status: stale https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md label Jan 1, 2025
@corngood
Copy link
Contributor Author

I'm still carrying this patch in my local nixpkgs, so I decided to take a look at the state of things chrootenv and bwrap.

The bubblewrap issue is still open: containers/bubblewrap#369, and there's been a lot of discussion in the referenced PRs.

Someone on there suggested running setpgid -f [command] inside the wrapper, and that does fix ^C in both wrappers, but breaks ^Z.

The most promising fix seems to be: containers/bubblewrap#586.

@nixpkgs-ci nixpkgs-ci bot removed the 2.status: stale https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md label Jul 28, 2025
@corngood
chrootenv: ignore SIGINT while waiting for child
dd1db5c 
This allows child processes (e.g. gdb) to be use ctrl-c in a chrootenv without
chrootenv being terminated.
@nix-owners nix-owners bot requested a review from philiptaron August 15, 2025 12:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Mic92 Mic92 Mic92 left review comments

@Atemu Atemu Atemu left review comments

@philiptaron philiptaron Awaiting requested review from philiptaron

Assignees
No one assigned
Labels
8.has: clean-up This PR removes packages or removes other cruft 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin. 10.rebuild-linux: 1-10 This PR causes between 1 and 10 packages to rebuild on Linux.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@corngood @Atemu @Mic92 @wegank