diff --git a/executable.Dockerfile b/executable.Dockerfile index 7b181c6b6..248113737 100644 --- a/executable.Dockerfile +++ b/executable.Dockerfile @@ -211,6 +211,10 @@ RUN if grep -q "CentOS Linux 7" /etc/os-release ; then \ RUN ./node_builder_glibc_env.sh COPY scripts/build_node_package.sh . RUN ./build_node_package.sh + +COPY scripts/pdeathsigger.c . +RUN gcc -o pdeathsigger pdeathsigger.c + # needed for hadolint WORKDIR /app USER 1001 @@ -261,6 +265,8 @@ COPY --from=async-profiler-builder-musl /tmp/async-profiler/build/lib/libasyncPr COPY --from=node-package-builder-musl /tmp/module_build gprofiler/resources/node/module/musl COPY --from=node-package-builder-glibc /tmp/module_build gprofiler/resources/node/module/glibc +COPY --from=node-package-builder-glibc /tmp/pdeathsigger gprofiler/resources/pdeathsigger + COPY --from=burn-builder /tmp/burn/burn gprofiler/resources/burn COPY gprofiler gprofiler diff --git a/scripts/pdeathsigger.c b/scripts/pdeathsigger.c new file mode 100644 index 000000000..fe8f5b98e --- /dev/null +++ b/scripts/pdeathsigger.c @@ -0,0 +1,28 @@ +#include <stdio.h> +#include <stdlib.h> +#include <unistd.h> +#include <sys/prctl.h> +#include <signal.h> + +/* + preexec_fn is not safe to use in the presence of threads, + child process could deadlock before exec is called. + this little shim is a workaround to avoid using preexe_fn and + still get the desired behavior (PR_SET_PDEATHSIG). +*/ +int main(int argc, char *argv[]) { + if (argc < 2) { + fprintf(stderr, "Usage: %s /path/to/binary [args...]\n", argv[0]); + return 1; + } + + if (prctl(PR_SET_PDEATHSIG, SIGKILL) == -1) { + perror("prctl"); + return 1; + } + + execvp(argv[1], &argv[1]); + + perror("execvp"); + return 1; +}