From ece90e0bda5acd017ddce924f88897f003d36ef9 Mon Sep 17 00:00:00 2001
From: Wiktor Garbacz <wiktorg@google.com>
Date: Tue, 3 Dec 2019 07:58:49 -0800
Subject: [PATCH] Fix resource leak

Resulted in a lot of zombie processes.

PiperOrigin-RevId: 283545337
Change-Id: Ia6b2fd24fc6fc0eed4a7aa415e264618739e8234
---
 sandboxed_api/sandbox2/forkserver.cc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sandboxed_api/sandbox2/forkserver.cc b/sandboxed_api/sandbox2/forkserver.cc
index 23422f9..afbef40 100644
--- a/sandboxed_api/sandbox2/forkserver.cc
+++ b/sandboxed_api/sandbox2/forkserver.cc
@@ -445,7 +445,7 @@ pid_t ForkServer::ServeRequest() {
     // We first just fork a child, which will join the initial namespaces
     // Note: Not a regular fork() as one really needs to be single-threaded to
     //       setns and this is not the case with TSAN.
-    pid_t pid = util::ForkWithFlags(0);
+    pid_t pid = util::ForkWithFlags(SIGCHLD);
     SAPI_RAW_PCHECK(pid != -1, "fork failed");
     if (pid == 0) {
       SAPI_RAW_PCHECK(setns(initial_userns_fd_, CLONE_NEWUSER) != -1,
@@ -572,7 +572,7 @@ void ForkServer::CreateInitialNamespaces() {
   int fds[2];
   SAPI_RAW_PCHECK(socketpair(AF_UNIX, SOCK_STREAM, 0, fds) != -1,
                   "creating socket");
-  pid_t pid = util::ForkWithFlags(CLONE_NEWUSER | CLONE_NEWNS);
+  pid_t pid = util::ForkWithFlags(CLONE_NEWUSER | CLONE_NEWNS | SIGCHLD);
   SAPI_RAW_PCHECK(pid != -1, "failed to fork initial namespaces process");
   char unused = '\0';
   if (pid == 0) {