Is this a bug, or am I holding it wrong?

It is a bug indeed! Thanks for the report and the detailed analysis. I'll fix it asap.


So maybe skalibs' cspawn...
...calls cspawn_fork() on FreeBSD if CSPAWN_FLAGS_SETSID is set.
...calls cspawn_pspawn() on macOS under the same conditions.

There is no call to selfpipe_finish() in cspawn_pspawn.

Yes. selfpipe_finish() must not be called in cspawn_pspawn() since only the parent process is running; the child process is only controlled by the posix_spawn attributes.
With cspawn_fork(), selfpipe_finish() runs in the child.


(I guess because of posix_spawnattr_setsigmask?)

The signal mask must be restored before the exec in both cases. It's the sigmask attribute for posix_spawn(), and selfpipe_finish() for fork().

But all that is only where the problem manifests. The real issue happens much earlier: when notification-fd is read and accepted without vetting that it's not clobbering the selfpipe. This is what I'll fix.

--
 Laurent