From 1e3ed9e4eb0c5ea530438425b095b14c27b7c32d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=BCdiger=20Birkner?= <ruediger.birkner@dfinity.org>
Date: Fri, 17 May 2024 07:41:59 +0000
Subject: [PATCH] fix(api-boundary-node): make ic-boundary create its own
 process group

---
 Cargo.lock                               | 1 +
 rs/boundary_node/ic_boundary/BUILD.bazel | 1 +
 rs/boundary_node/ic_boundary/Cargo.toml  | 1 +
 rs/boundary_node/ic_boundary/src/core.rs | 9 +++++++++
 4 files changed, 12 insertions(+)

diff --git a/Cargo.lock b/Cargo.lock
index e7b9753630b..7f43208157f 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -5450,6 +5450,7 @@ dependencies = [
  "mockall",
  "moka",
  "nftables",
+ "nix 0.24.3",
  "prometheus",
  "rand 0.8.5",
  "ratelimit",
diff --git a/rs/boundary_node/ic_boundary/BUILD.bazel b/rs/boundary_node/ic_boundary/BUILD.bazel
index 729b4ba729f..691e66713c2 100644
--- a/rs/boundary_node/ic_boundary/BUILD.bazel
+++ b/rs/boundary_node/ic_boundary/BUILD.bazel
@@ -56,6 +56,7 @@ DEPENDENCIES = [
     "@crate_index//:mockall",
     "@crate_index//:moka",
     "@crate_index//:nftables",
+    "@crate_index//:nix",
     "@crate_index//:prometheus",
     "@crate_index//:rand",
     "@crate_index//:ratelimit",
diff --git a/rs/boundary_node/ic_boundary/Cargo.toml b/rs/boundary_node/ic_boundary/Cargo.toml
index 36f9c71100a..113622070a3 100644
--- a/rs/boundary_node/ic_boundary/Cargo.toml
+++ b/rs/boundary_node/ic_boundary/Cargo.toml
@@ -68,6 +68,7 @@ maxminddb = "0.24"
 mockall = { workspace = true }
 moka = { version = "0.12", features = ["sync", "future"] }
 nftables = "0.4"
+nix = { workspace = true }
 prometheus = { workspace = true }
 rand = "0.8.4"
 ratelimit = "0.9.1"
diff --git a/rs/boundary_node/ic_boundary/src/core.rs b/rs/boundary_node/ic_boundary/src/core.rs
index 749d4905d28..97cbeb2261b 100644
--- a/rs/boundary_node/ic_boundary/src/core.rs
+++ b/rs/boundary_node/ic_boundary/src/core.rs
@@ -27,6 +27,7 @@ use ic_registry_replicator::RegistryReplicator;
 use ic_types::crypto::threshold_sig::ThresholdSigPublicKey;
 use ic_types::CanisterId;
 use little_loadshedder::{LoadShedError, LoadShedLayer};
+use nix::unistd::{getpgid, setpgid, Pid};
 use prometheus::Registry;
 use rustls::cipher_suite::{TLS13_AES_128_GCM_SHA256, TLS13_AES_256_GCM_SHA384};
 use tokio::sync::RwLock;
@@ -107,6 +108,14 @@ pub async fn main(cli: Cli) -> Result<(), Error> {
         panic!("--local-store-path and --stub-replica are mutually exclusive and at least one of them must be specified");
     }
 
+    // make sure ic-boundary is the leader of its own process group
+    let pgid = getpgid(None).context("Failed to get the process group ID.")?;
+    if pgid != Pid::this() {
+        // If that is not the case, set it as the leader of its own process group
+        setpgid(Pid::from_raw(0), Pid::from_raw(0))
+            .context("Failed to setup a new process group for ic-boundary.")?;
+    }
+
     // Metrics
     let metrics_registry = Registry::new_custom(Some(SERVICE_NAME.into()), None)?;