Bug 1778052 - Don't reset ignored signals when starting a sandboxed child process on Linux. r=gcp

We uninstall signal handlers in child processes after clone(), because
they probably won't do the right thing if invoked in that context.
However, the current code also resets signals which were ignored;
if that disposition was set by an outside program like `nohup`, the
expectation is that it should be inherited.  This patch omits those
signals when resetting handlers (similar to what `exec` does).

Differential Revision: https://phabricator.services.mozilla.com/D151336

security/sandbox/linux/launch/SandboxLaunch.cpp

@@ -468,8 +468,23 @@ static void RestoreSignals(const sigset_t* aOldSigs) {
   }
 }
 
+static bool IsSignalIgnored(int aSig) {
+  struct sigaction sa {};
+
+  if (sigaction(aSig, nullptr, &sa) != 0) {
+    if (errno != EINVAL) {
+      SANDBOX_LOG_ERRNO("sigaction(%d)", aSig);
+    }
+    return false;
+  }
+  return sa.sa_handler == SIG_IGN;
+}
+
 static void ResetSignalHandlers() {
   for (int signum = 1; signum <= SIGRTMAX; ++signum) {
+    if (IsSignalIgnored(signum)) {
+      continue;
+    }
     if (signal(signum, SIG_DFL) == SIG_ERR) {
       MOZ_DIAGNOSTIC_ASSERT(errno == EINVAL);
     }