Add an --ignore-keyboard-signals option

Signed-off-by: GalaxySnail <me@glxys.nl>

Author: GalaxySnail

bubblewrap.c

@@ -77,6 +77,7 @@ static bool opt_unshare_cgroup = false;
 static bool opt_unshare_cgroup_try = false;
 static bool opt_needs_devpts = false;
 static bool opt_new_session = false;
+static bool opt_ignore_keyboard_signals = false;
 static bool opt_die_with_parent = false;
 static uid_t opt_sandbox_uid = -1;
 static gid_t opt_sandbox_gid = -1;
@@ -366,6 +367,7 @@ usage (int ecode, FILE *out)
            "    --info-fd FD                 Write information about the running container to FD\n"
            "    --json-status-fd FD          Write container status to FD as multiple JSON documents\n"
            "    --new-session                Create a new terminal session\n"
+           "    --ignore-keyboard-signals    Ignore SIGINT and SIGQUIT while waiting for the command to terminate\n"
            "    --die-with-parent            Kills with SIGKILL child process (COMMAND) when bwrap or bwrap's parent dies.\n"
            "    --as-pid-1                   Do not install a reaper process with PID=1\n"
            "    --cap-add CAP                Add cap CAP when running as privileged user\n"
@@ -2592,6 +2594,10 @@ parse_args_recurse (int          *argcp,
         {
           opt_new_session = true;
         }
+      else if (strcmp (arg, "--ignore-keyboard-signals") == 0)
+        {
+          opt_ignore_keyboard_signals = true;
+        }
       else if (strcmp (arg, "--die-with-parent") == 0)
         {
           opt_die_with_parent = true;
@@ -3210,6 +3216,13 @@ main (int    argc,
           close (opt_userns_block_fd);
         }
 
+      if (opt_ignore_keyboard_signals)
+        {
+          struct sigaction sa_ign = { .sa_handler = SIG_IGN };
+          sigaction(SIGINT, &sa_ign, NULL);
+          sigaction(SIGQUIT, &sa_ign, NULL);
+        }
+
       /* Let child run now that the uid maps are set up */
       val = 1;
       res = TEMP_FAILURE_RETRY (write (child_wait_fd, &val, 8));

completions/bash/bwrap

@@ -14,6 +14,7 @@ _bwrap() {
 		--clearenv
 		--disable-userns
 		--help
+		--ignore-keyboard-signals
 		--new-session
 		--unshare-all
 		--unshare-cgroup

completions/zsh/_bwrap

@@ -49,6 +49,7 @@ _bwrap_args=(
     '--gid[Custom gid in the sandbox (requires --unshare-user or --userns)]: :_guard "[0-9]#" "numeric group ID"'
     '--help[Print help and exit]'
     '--hostname[Custom hostname in the sandbox (requires --unshare-uts)]:hostname:'
+    '--ignore-keyboard-signals[Ignore SIGINT and SIGQUIT while waiting for the command to terminate]'
     '--info-fd[Write information about the running container to FD]: :_guard "[0-9]#" "file descriptor to write to"'
     '--json-status-fd[Write container status to FD as multiple JSON documents]: :_guard "[0-9]#" "file descriptor to write to"'
     '--lock-file[Take a lock on DEST while sandbox is running]:lock file:_files'