hst/config: negative WaitDelay bypasses default

This behaviour might be useful, so do not lock it out. This change also fixes an oversight where the unchecked value is used to determine ForwardCancel.

Signed-off-by: Ophestra <cat@gensokyo.uk>

hst/config.go

@@ -67,8 +67,8 @@ type (
 		Hostname string `json:"hostname,omitempty"`
 
 		// Duration in nanoseconds to wait for after interrupting the initial process.
-		// Defaults to [WaitDelayDefault] if less than or equals to zero,
-		// or [WaitDelayMax] if greater than [WaitDelayMax].
+		// Defaults to [WaitDelayDefault] if zero, or [WaitDelayMax] if greater than [WaitDelayMax].
+		// Values lesser than zero is equivalent to zero, bypassing [WaitDelayDefault].
 		WaitDelay time.Duration `json:"wait_delay,omitempty"`
 
 		// Emit Flatpak-compatible seccomp filter programs.

internal/app/outcome.go

@@ -81,7 +81,9 @@ func (s *outcomeState) populateEarly(k syscallDispatcher, msg message.Msg) {
 	s.Shim = &shimParams{PrivPID: os.Getpid(), Verbose: msg.IsVerbose()}
 
 	// enforce bounds and default early
-	if s.Container.WaitDelay <= 0 {
+	if s.Container.WaitDelay < 0 {
+		s.Shim.WaitDelay = 0
+	} else if s.Container.WaitDelay == 0 {
 		s.Shim.WaitDelay = hst.WaitDelayDefault
 	} else if s.Container.WaitDelay > hst.WaitDelayMax {
 		s.Shim.WaitDelay = hst.WaitDelayMax

internal/app/spcontainer.go

@@ -65,7 +65,7 @@ func (s *spParamsOp) toContainer(state *outcomeStateParams) error {
 
 	// the container is canceled when shim is requested to exit or receives an interrupt or termination signal;
 	// this behaviour is implemented in the shim
-	state.params.ForwardCancel = state.Container.WaitDelay >= 0
+	state.params.ForwardCancel = state.Shim.WaitDelay > 0
 
 	if state.Container.Multiarch {
 		state.params.SeccompFlags |= seccomp.AllowMultiarch