containers/bubblewrap

Child PID from `--info-fd` and `--json-status-fd` is not concurrency safe

igo95862 opened this issue · 0 comments

The bwrap main process will write the JSON into those options as soon as it forks:

/* Parent, outside sandbox, privileged (initially) */

However, the child process still has a lot of initialization steps left.

This can result in difficult-to-diagnose concurrency bugs. I experienced this when trying to write to the /proc/sys/user/max_* files. When you acquire a user namespace file descriptor from a child PID, it can either be the direct child user namespace or a child user namespace with an intermediate parent, depending on how far into initialization the child is (when using the --dev option).

At least this concurrency should be documented in the man page.
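A diagnostic sketch for the race described in this issue, added here as an example and not taken from the issue or from bubblewrap's code: it parses the `child-pid` value from a status line and samples `/proc/<pid>/ns/user` to see whether the child's user namespace changes after the PID was published. The function names, sample count and interval are assumptions, and the sample values in the self-check are constructed.

```python
import json
import os
import time


def child_pid_from_status(line: str) -> int:
    """Extract child-pid from one JSON object read from --info-fd / --json-status-fd."""
    return int(json.loads(line)["child-pid"])


def read_userns(pid: int) -> str:
    """Return the user namespace identity of pid, e.g. 'user:[4026531837]'."""
    return os.readlink(f"/proc/{pid}/ns/user")


def observe_userns(pid, samples=50, interval=0.01, read=read_userns, sleep=time.sleep):
    """Sample the namespace identity repeatedly; return the distinct values in order seen.

    More than one value means the PID was usable before the child finished
    setting up its namespaces, so an early open of /proc/<pid>/ns/user would
    have captured a different namespace than a late one.
    """
    seen = []
    for _ in range(samples):
        try:
            current = read(pid)
        except OSError:
            break  # child exited or is not inspectable; keep what was observed
        if not seen or seen[-1] != current:
            seen.append(current)
        sleep(interval)
    return seen


if __name__ == "__main__":
    # Constructed sample data standing in for a real bwrap run.
    status_line = '{ "child-pid": 4242 }'
    fake = iter(["user:[100]", "user:[100]", "user:[200]"])
    pid = child_pid_from_status(status_line)
    history = observe_userns(pid, samples=3, read=lambda _p: next(fake), sleep=lambda _s: None)
    print(pid, history, "race observed" if len(history) > 1 else "stable during sampling")
```

A single value in the returned list only means no change was seen during the sampling window; it does not prove that initialization had finished.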