From 4747e964096a1b490de062460608805c46f0cfd2 Mon Sep 17 00:00:00 2001
From: Vincent Bernat <vincent@bernat.im>
Date: Wed, 18 Mar 2015 10:00:44 +0100
Subject: [PATCH] priv: on Linux, when monitor dies, kill child

When the monitor dies, it sends its child a TERM signal but if it
segfaults or is killed with an uncatchable signal, the child will
continue to run "unharmed". On Linux, it is possible to send a signal to
the child in this case, with `prctl()`. Do that.
---
 src/daemon/lldpd.h      | 1 +
 src/daemon/priv-bsd.c   | 5 +++++
 src/daemon/priv-linux.c | 9 +++++++++
 src/daemon/priv.c       | 1 +
 4 files changed, 16 insertions(+)

diff --git a/src/daemon/lldpd.h b/src/daemon/lldpd.h
index 72d52317..aea2b716 100644
--- a/src/daemon/lldpd.h
+++ b/src/daemon/lldpd.h
@@ -221,6 +221,7 @@ client_handle_client(struct lldpd *cfg,
 
 /* priv.c */
 void	 priv_init(const char*, int, uid_t, gid_t);
+void	 priv_init_os(void);
 void	 priv_wait(void);
 void	 priv_ctl_cleanup(const char *ctlname);
 char   	*priv_gethostname(void);
diff --git a/src/daemon/priv-bsd.c b/src/daemon/priv-bsd.c
index f32f990c..3b13b757 100644
--- a/src/daemon/priv-bsd.c
+++ b/src/daemon/priv-bsd.c
@@ -26,6 +26,11 @@
 #include <errno.h>
 #include <string.h>
 
+void
+priv_init_os()
+{
+}
+
 int
 asroot_iface_init_os(int ifindex, char *name, int *fd)
 {
diff --git a/src/daemon/priv-linux.c b/src/daemon/priv-linux.c
index c5736155..69054cd7 100644
--- a/src/daemon/priv-linux.c
+++ b/src/daemon/priv-linux.c
@@ -20,15 +20,24 @@
 #include <unistd.h>
 #include <sys/types.h>
 #include <sys/stat.h>
+#include <signal.h>
 #include <fcntl.h>
 #include <errno.h>
 #include <regex.h>
 #include <sys/ioctl.h>
+#include <sys/prctl.h>
 #include <netpacket/packet.h> /* For sockaddr_ll */
 #include <linux/filter.h>     /* For BPF filtering */
 #include <linux/ethtool.h>
 #include <linux/sockios.h>
 
+void
+priv_init_os()
+{
+	if (prctl(PR_SET_PDEATHSIG, SIGTERM) == -1)
+		log_warn("privsep", "unable to setup parent death signal");
+}
+
 /* Proxy for open */
 int
 priv_open(char *file)
diff --git a/src/daemon/priv.c b/src/daemon/priv.c
index 0d9ea4a2..92d7824c 100644
--- a/src/daemon/priv.c
+++ b/src/daemon/priv.c
@@ -633,6 +633,7 @@ priv_init(const char *chrootdir, int ctl, uid_t uid, gid_t gid)
 #endif
 		}
 		close(pair[1]);
+		priv_init_os();
 		priv_ping();
 		break;
 	default:
-- 
2.39.5