From d7628e46ac7c9e1359b5e08addc64c20a689b92b Mon Sep 17 00:00:00 2001
From: Aaruni Kaushik
Date: Mon, 5 Feb 2024 15:05:49 +0100
Subject: [PATCH] Rework logic and naming according to review.
Signed-off-by: Aaruni Kaushik
---
 bubblewrap.c | 49 ++++++++++++++++++++++++++++++++-----------------
 1 file changed, 32 insertions(+), 17 deletions(-)
diff --git a/bubblewrap.c b/bubblewrap.c
index 91b2dfe7..020de274 100644
--- a/bubblewrap.c
+++ b/bubblewrap.c
@@ -381,23 +381,30 @@ handle_die_with_parent (void)
 die_with_error ("prctl");
 }
+static int forwarded_signals[] =
+{
+ SIGINT,
+ SIGTERM,
+ SIGCONT,
+ SIGHUP,
+ SIGQUIT,
+ SIGUSR1,
+ SIGUSR2,
+ SIGWINCH,
+};
+
 static void
-gate_signals (int action, sigset_t *prevmask)
+block_forwarded_signals (sigset_t *prevmask)
 {
 sigset_t mask;
-
- /* When unblocking, only restore if not previously blocked. */
+ size_t i;
 sigemptyset (&mask);
- if (action == SIG_BLOCK || !sigismember (prevmask, SIGINT))
- sigaddset (&mask, SIGINT);
-
- if (action == SIG_BLOCK || !sigismember (prevmask, SIGTERM))
- sigaddset (&mask, SIGTERM);
-
- if (sigprocmask (action, &mask, prevmask) == -1)
- die_with_error ("sigprocmask");
+ for (i = 0; i < N_ELEMENTS (forwarded_signals); i++)
+ {
+ sigaddset (&mask, forwarded_signals[i]);
+ }
 }
 static void
@@ -521,6 +528,7 @@ monitor_child (int event_fd, pid_t child_pid, int setup_finished_fd)
 int exitc;
 pid_t died_pid;
 int died_status;
+ size_t i;
 /* Close all extra fds in the monitoring process. Any passed in fds have been passed on to the child anyway. */
@@ -535,8 +543,11 @@ monitor_child (int event_fd, pid_t child_pid, int setup_finished_fd)
 sigemptyset (&mask);
 sigaddset (&mask, SIGCHLD);
- sigaddset (&mask, SIGINT);
- sigaddset (&mask, SIGTERM);
+
+ for (i = 0; i < N_ELEMENTS(forwarded_signals); i++)
+ {
+ sigaddset(&mask, forwarded_signals[i]);
+ }
 signal_fd = signalfd (-1, &mask, SFD_CLOEXEC | SFD_NONBLOCK);
 if (signal_fd == -1)
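Review bot: `block_forwarded_signals` builds `mask` from `forwarded_signals` but never passes it to `sigprocmask`, so nothing is blocked and `prevmask` is never written; the removed `gate_signals` ended with exactly that call. The window that the comment in `main` describes ("avoid leaving an orphan") therefore stays open, and the `SIG_SETMASK` restore in the last `main` hunk installs the empty set left by `sigemptyset (&sigmask_before_forwarding)` instead of the inherited mask, which would unblock anything the caller had blocked. After the loop add `if (sigprocmask (SIG_BLOCK, &mask, prevmask) == -1)` followed by `die_with_error ("sigprocmask");`. The signalfd set up in `monitor_child` presumably depends on the same blocking, since a signalfd only reports signals that are blocked in the process mask.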
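Review bot: The loop added to `monitor_child` before `signalfd` needs a comment stating what it relies on, for example `/* Also watch the forwarded signals; they must already be blocked (block_forwarded_signals) or signalfd never reports them. */`. The loop is also written `N_ELEMENTS(forwarded_signals)` and `sigaddset(&mask, ...)` without the space before the parenthesis that the same loop in `block_forwarded_signals` uses. The signals are added to the signalfd mask whether or not `opt_forward_signals` is set; `monitor_child` starts and ends outside this hunk, so how the read side treats them cannot be checked here.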
@@ -2673,7 +2684,8 @@ main (int argc,
 int res UNUSED;
 cleanup_free char *args_data UNUSED = NULL;
 int intermediate_pids_sockets[2] = {-1, -1};
- sigset_t sigmask;
+ sigset_t sigmask_before_forwarding;
+ sigemptyset (&sigmask_before_forwarding);
 /* Handle --version early on before we try to acquire/drop
 * any capabilities so it works in a build environment;
@@ -2849,7 +2861,7 @@ main (int argc,
 /* We block other signals here to avoid leaving an orphan. */
 if (opt_forward_signals)
- gate_signals (SIG_BLOCK, &sigmask);
+ block_forwarded_signals (&sigmask_before_forwarding);
 clone_flags = SIGCHLD | CLONE_NEWNS;
 if (opt_unshare_user)
@@ -3001,9 +3013,12 @@ main (int argc,
 return monitor_child (event_fd, pid, setup_finished_pipe[0]);
 }
- /* Unblock other signals here to receive signals from the parent. */
+ /* Restore the state of sigmask from before the blocking. */
 if (opt_forward_signals)
- gate_signals (SIG_UNBLOCK, &sigmask);
+ {
+ if (sigprocmask (SIG_SETMASK, &sigmask_before_forwarding, NULL) != 0)
+ die_with_error ("sigprocmask");
+ }
 if (opt_pidns_fd > 0)
 {