Create DerivationBuilder::killChild

Then the derivation building goal doesn't need to snoop around as much.
2025-11-16 07:22:43 +01:00 · 2025-08-28 13:43:26 -04:00 · 2025-08-28 13:43:26 -04:00 · 4388e3dcb5
commit 4388e3dcb5
parent 49da508f46
3 changed files with 31 additions and 19 deletions
--- a/src/libstore/unix/build/derivation-builder.cc
+++ b/src/libstore/unix/build/derivation-builder.cc
@ -370,9 +370,15 @@ protected:
     */
    virtual void cleanupBuild(bool force);

+    /**
+     * Kill any processes running under the build user UID or in the
+     * cgroup of the build.
+     */
+    virtual void killSandbox(bool getStats);
+
 public:

-    void killSandbox(bool getStats) override;
+    bool killChild() override;

 private:

@ -435,6 +441,24 @@ void DerivationBuilderImpl::killSandbox(bool getStats)
    }
 }

+bool DerivationBuilderImpl::killChild()
+{
+    bool ret = pid != -1;
+    if (ret) {
+        /* If we're using a build user, then there is a tricky race
+           condition: if we kill the build user before the child has
+           done its setuid() to the build user uid, then it won't be
+           killed, and we'll potentially lock up in pid.wait().  So
+           also send a conventional kill to the child. */
+        ::kill(-pid, SIGKILL); /* ignore the result */
+
+        killSandbox(true);
+
+        pid.wait();
+    }
+    return ret;
+}
+
 bool DerivationBuilderImpl::prepareBuild()
 {
    if (useBuildUsers()) {