openSUSE · f0rki · Mar 18, 2022 · cyphar · Sep 17, 2024 · cyphar
diff --git a/README.md b/README.md
@@ -29,9 +29,10 @@ other features will be added.
 
 catatonit has identical usage to other basic `docker-init`'s -- you give it the
 command and list of arguments to that command. If catatonit is not pid1, it
-will try to use the sub-reaper support in the kernel. You can pass `-g` if you
-want signals to be forwarded to the entire process group of your spawned
-process (otherwise it's just forwarded to the process spawned).
+will try to use the sub-reaper support in the kernel. You can pass `-g` or set
+the `CATATONIT_KILLPG` environment variable if you want signals to be forwarded
+to the entire process group of your spawned process (otherwise it's just
+forwarded to the process spawned).
 
 If you wish to use catatonit as a convenient pause container (do not spawn a
 child process nor do any signal handling), use pass `-P`.

diff --git a/catatonit.c b/catatonit.c
@@ -482,6 +482,11 @@ int main(int argc, char **argv)
 	if (argc < 1 && !run_as_pause)
 		bail_usage("missing program name");
 
+	char *kill_pgid_env = secure_getenv("CATATONIT_KILLPG");
+	if (kill_pgid_env != NULL) {
+		kill_pgid = true;
+	}
-	if (kill_pgid_env != NULL) {
-		kill_pgid = true;
-	}
+	if (kill_pgid_env)
+		kill_pgid = true;
-	if (kill_pgid_env != NULL) {
-		kill_pgid = true;
-	}
+	kill_pgid |= getenv("CATATONIT_KILLPG") != NULL;
-	if (kill_pgid_env != NULL) {
-		kill_pgid = true;
-	}
+	if (kill_pgid_env)
+		kill_pgid = true;
-	if (kill_pgid_env != NULL) {
-		kill_pgid = true;
-	}
+	kill_pgid |= getenv("CATATONIT_KILLPG") != NULL;
+
 	/*
 	 * If we aren't pid1, we have to set subreaper or bail. Otherwise zombies
 	 * will collect on the host and that's just not a good idea. We don't just