From 971d786b81c3427ab19606217ff927c4807a58e0 Mon Sep 17 00:00:00 2001
From: Gabriel Arazas
Date: Sat, 27 Jul 2024 11:46:51 +0800
Subject: [PATCH] wrapper-manager/sandboxing/bubblewrap: add option for ensuring dying with parent
---
 modules/wrapper-manager/sandboxing/bubblewrap/default.nix | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/modules/wrapper-manager/sandboxing/bubblewrap/default.nix b/modules/wrapper-manager/sandboxing/bubblewrap/default.nix
index 26f3b54f..f8920454 100644
--- a/modules/wrapper-manager/sandboxing/bubblewrap/default.nix
+++ b/modules/wrapper-manager/sandboxing/bubblewrap/default.nix
@@ -45,6 +45,10 @@ let
 enableIsolation = lib.mkEnableOption "unsharing most of the system" // {
 default = if isGlobal then true else cfg.enableIsolation;
 };
+
+ enableEnsureChildDiesWithParent = lib.mkEnableOption "ensuring child processes die with parent" // {
+ default = if isGlobal then true else cfg.enableEnsureChildDiesWithParent;
+ };
 };
 in
 {
@@ -104,6 +108,9 @@ in
 (lib.mkIf submoduleCfg.enableIsolation {
 sandboxing.bubblewrap.extraArgs = lib.mkBefore [ "--unshare-all" ];
 })
+
+ (lib.mkIf submoduleCfg.enableEnsureChildDiesWithParent {
+ sandboxing.bubblewrap.extraArgs = lib.mkBefore [ "--die-with-parent" ]; })
 ]);
 };
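Review bot: The first hunk makes `enableEnsureChildDiesWithParent` default to `true` at the global level, so every wrapper that inherits the global setting starts getting `--die-with-parent` from the second hunk without opting in, and nothing in the option text says what that means in practice. Killing the sandboxed process when bwrap's parent exits is a sensible hardening default because nothing is left running outside the launcher's lifetime, but a wrapped program that is meant to outlive whatever started it would presumably be terminated too, so the opt-out deserves a mention. I would add a comment above the option, for example `# Passes --die-with-parent to bwrap; set to false on a wrapper whose program must outlive its launcher.` The attribute set in the first hunk and the list in the second both begin outside the hunks.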