Fix: controlled interrupt exit for subprograms

- Openvpn and Unbound do not receive OS signals
- Openvpn and Unbound run in a different process group than the entrypoint
- Openvpn and Unbound are gracefully shutdown by the entrypoint
- Update golibs with a modified command package
- Update dns to v1.9.0 where Unbound is luanched in its own group

internal/firewall/ip6tables.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"os/exec"
 	"strings"
 
 	"github.com/qdm12/golibs/command"
@@ -15,7 +16,8 @@ var (
 )
 
 func ip6tablesSupported(ctx context.Context, commander command.Commander) (supported bool) {
-	if _, err := commander.Run(ctx, "ip6tables", "-L"); err != nil {
+	cmd := exec.CommandContext(ctx, "ip6tables", "-L")
+	if _, err := commander.Run(cmd); err != nil {
 		return false
 	}
 	return true
@@ -40,7 +42,8 @@ func (c *configurator) runIP6tablesInstruction(ctx context.Context, instruction
 		fmt.Println("ip6tables " + instruction)
 	}
 	flags := strings.Fields(instruction)
-	if output, err := c.commander.Run(ctx, "ip6tables", flags...); err != nil {
+	cmd := exec.CommandContext(ctx, "ip6tables", flags...)
+	if output, err := c.commander.Run(cmd); err != nil {
 		return fmt.Errorf("%w: \"ip6tables %s\": %s: %s", ErrIP6Tables, instruction, output, err)
 	}
 	return nil

internal/firewall/iptables.go

@@ -7,6 +7,7 @@ import (
 	"io"
 	"net"
 	"os"
+	"os/exec"
 	"strings"
 
 	"github.com/qdm12/gluetun/internal/models"
@@ -46,7 +47,8 @@ func flipRule(rule string) string {
 
 // Version obtains the version of the installed iptables.
 func (c *configurator) Version(ctx context.Context) (string, error) {
-	output, err := c.commander.Run(ctx, "iptables", "--version")
+	cmd := exec.CommandContext(ctx, "iptables", "--version")
+	output, err := c.commander.Run(cmd)
 	if err != nil {
 		return "", err
 	}
@@ -74,7 +76,8 @@ func (c *configurator) runIptablesInstruction(ctx context.Context, instruction s
 		fmt.Printf("iptables %s\n", instruction)
 	}
 	flags := strings.Fields(instruction)
-	if output, err := c.commander.Run(ctx, "iptables", flags...); err != nil {
+	cmd := exec.CommandContext(ctx, "iptables", flags...)
+	if output, err := c.commander.Run(cmd); err != nil {
 		return fmt.Errorf("%w \"iptables %s\": %s: %s", ErrIPTables, instruction, output, err)
 	}
 	return nil

internal/openvpn/command.go

@@ -4,7 +4,9 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"os/exec"
 	"strings"
+	"syscall"
 
 	"github.com/qdm12/gluetun/internal/constants"
 )
@@ -30,7 +32,10 @@ func (c *configurator) Start(ctx context.Context, version string) (
 
 	c.logger.Info("starting OpenVPN " + version)
 
-	return c.commander.Start(ctx, bin, "--config", constants.OpenVPNConf)
+	cmd := exec.CommandContext(ctx, bin, "--config", constants.OpenVPNConf)
+	cmd.SysProcAttr = &syscall.SysProcAttr{Setpgid: true}
+
+	return c.commander.Start(cmd)
 }
 
 func (c *configurator) Version24(ctx context.Context) (version string, err error) {
@@ -44,7 +49,8 @@ func (c *configurator) Version25(ctx context.Context) (version string, err error
 var ErrVersionTooShort = errors.New("version output is too short")
 
 func (c *configurator) version(ctx context.Context, binName string) (version string, err error) {
-	output, err := c.commander.Run(ctx, binName, "--version")
+	cmd := exec.CommandContext(ctx, binName, "--version")
+	output, err := c.commander.Run(cmd)
 	if err != nil && err.Error() != "exit status 1" {
 		return "", err
 	}