From 31350d74e51d25ee8b180a2d4234ea5d4aa55c2b Mon Sep 17 00:00:00 2001
From: Ophestra Umiker <cat@ophivana.moe>
Date: Fri, 25 Oct 2024 13:19:37 +0900
Subject: [PATCH] shim: kill shim if setup becomes impossible

This prevents a hang when setup faults but the shim keeps waiting on the socket. Setup is automatically aborted when the shim is killed.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
---
 internal/app/start.go   | 10 +++++++++-
 internal/shim/parent.go |  7 ++++---
 2 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/internal/app/start.go b/internal/app/start.go
index 464d23d..719343f 100644
--- a/internal/app/start.go
+++ b/internal/app/start.go
@@ -64,7 +64,14 @@ func (a *app) Start() error {
 	a.cmd.Dir = a.seal.RunDirPath
 
 	a.abort = make(chan error)
-	if err := shim.ServeConfig(confSockPath, a.abort, a.seal.sys.UID(), &shim.Payload{
+	procReady := make(chan struct{})
+	if err := shim.ServeConfig(confSockPath, a.abort, func() {
+		<-procReady
+		if err := a.cmd.Process.Signal(os.Interrupt); err != nil {
+			fmsg.Println("cannot kill shim on faulted setup:", err)
+		}
+		fmt.Print("\r")
+	}, a.seal.sys.UID(), &shim.Payload{
 		Argv:  a.seal.command,
 		Exec:  shimExec,
 		Bwrap: a.seal.sys.bwrap,
@@ -85,6 +92,7 @@ func (a *app) Start() error {
 			"cannot start process:")
 	}
 	startTime := time.Now().UTC()
+	close(procReady)
 
 	// create process state
 	sd := state.State{
diff --git a/internal/shim/parent.go b/internal/shim/parent.go
index c6209fe..cf6b125 100644
--- a/internal/shim/parent.go
+++ b/internal/shim/parent.go
@@ -4,7 +4,6 @@ import (
 	"encoding/gob"
 	"errors"
 	"net"
-	"os"
 	"syscall"
 
 	"git.ophivana.moe/security/fortify/acl"
@@ -13,7 +12,7 @@ import (
 
 // called in the parent process
 
-func ServeConfig(socket string, abort chan error, uid int, payload *Payload, wl *Wayland) error {
+func ServeConfig(socket string, abort chan error, killShim func(), uid int, payload *Payload, wl *Wayland) error {
 	if payload.WL {
 		if f, err := net.DialUnix("unix", nil, &net.UnixAddr{Name: wl.Path, Net: "unix"}); err != nil {
 			return err
@@ -58,7 +57,7 @@ func ServeConfig(socket string, abort chan error, uid int, payload *Payload, wl
 			} else {
 				if err = gob.NewEncoder(conn).Encode(*payload); err != nil {
 					fmsg.Println("cannot stream shim payload:", err)
-					_ = os.Remove(socket)
+					killShim()
 					return
 				}
 
@@ -67,6 +66,7 @@ func ServeConfig(socket string, abort chan error, uid int, payload *Payload, wl
 					var rc syscall.RawConn
 					if rc, err = wl.SyscallConn(); err != nil {
 						fmsg.Println("cannot obtain raw wayland connection:", err)
+						killShim()
 						return
 					} else {
 						go func() {
@@ -74,6 +74,7 @@ func ServeConfig(socket string, abort chan error, uid int, payload *Payload, wl
 							if err = rc.Control(func(fd uintptr) {
 								if _, _, err = conn.WriteMsgUnix(nil, syscall.UnixRights(int(fd)), nil); err != nil {
 									fmsg.Println("cannot pass wayland connection to shim:", err)
+									killShim()
 									return
 								}
 								_ = conn.Close()