feat(watchdog): pipe-based POLLHUP parent death detection#278
Merged
DorianZheng merged 1 commit intomainfrom Feb 16, 2026
Merged
feat(watchdog): pipe-based POLLHUP parent death detection#278DorianZheng merged 1 commit intomainfrom
DorianZheng merged 1 commit intomainfrom
Conversation
Replace `kill(parent_pid, 0)` polling loop with the "pipe trick" for parent death detection. The parent holds the write end of a pipe; the shim polls the read end. When the parent dies or drops the Keepalive, the kernel closes the write end, delivering POLLHUP immediately — zero latency, works across PID/mount namespaces. Key changes: - New watchdog module with Keepalive/ChildSetup types and PIPE_FD constant - JailerBuilder gains preserved_fd support for FD inheritance through pre_exec - ShimSpawner struct replaces spawn_subprocess() free function - ShimHandler stores Keepalive for defense-in-depth (drop triggers shutdown) - Shim's parent watchdog rewritten to use poll() on inherited pipe FD - Remove parent_pid from InstanceSpec (no longer needed) - Integration test: non_detached_box_exits_on_runtime_drop (symmetric counterpart to detached_box_survives_runtime_drop)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
kill(parent_pid, 0)polling with the pipe trick for parent death detection — zero latency, kernel-mediated, works across PID/mount namespaceswatchdogmodule withKeepalive/ChildSetuptypes; parent holds write end, shim polls read end for POLLHUPJailerBuildergainspreserved_fdsupport to inherit the watchdog pipe through pre_exec FD cleanupShimSpawnerstruct replacesspawn_subprocess()free function, returningSpawnedShimwith child + keepaliveShimHandlerstoresKeepalivefor defense-in-depth (dropping handler triggers shim shutdown even ifstop()is never called)parent_pidfromInstanceSpec(no longer needed)Test plan
non_detached_box_exits_on_runtime_drop— verifies full chain: Keepalive drop → pipe close → POLLHUP → SIGTERM → shim exitdetached_box_survives_runtime_drop(detached boxes survive, non-detached boxes exit)cargo clippy --testsclean,cargo fmtclean