Okerew

Updated osxiec to version v1.1

Added a reaper.c - kqueue-based process reaper for container teardown:

The container spawns child processes from several places: foreground
commands (execute_command), background tasks (background_command_thread),
scheduled tasks and start-config scripts. Without a reaper, anything those
children spawn keeps running after the container exits.

Cleanup combines two mechanisms:

  • Process groups. Background tasks lead their own process group (setpgid),
    so a single killpg() takes down the whole subtree they spawned without
    having to enumerate it. This is what guarantees long-lived background
    work is cleaned up.

  • A kqueue EVFILT_PROC / NOTE_EXIT watch on every process we register, so
    the reaper keeps an accurate live set and can signal exactly what is
    still running at shutdown (SIGTERM, a short grace period, then SIGKILL).

NOTE_TRACK (which would let the kernel follow forks down the tree via
NOTE_CHILD) is intentionally NOT used: it returns ENOTSUP on modern macOS
(verified on Darwin 25 / macOS 26). Fork-tree following therefore relies on
process-group inheritance instead - descendants stay in their ancestor's
group unless they setsid() away.

We intentionally do NOT waitpid() in the reaper loop. Direct children are
reaped synchronously by their existing waiters (execute_command and the
background-task threads); reaping here too would race them and steal exit
statuses. The reaper only drains leftover zombies during shutdown, once the
interactive loop and those waiters are gone.
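The process-group half of that teardown, as an added example that is not code from osxiec: a background task leads its own group (setpgid), forks a grandchild, and is later taken down with killpg(SIGTERM), a short grace period, then killpg(SIGKILL). The kqueue EVFILT_PROC live set is macOS-specific, so this example tracks liveness with a pipe instead (every group member inherits the write end, and EOF on the read end means all of them have exited); that substitution, the hypothetical spawn_background_task / teardown_group helpers, and the grandchild that ignores SIGTERM to force the escalation path are all assumptions of the example, not the project's design.

```c
#include <errno.h>
#include <poll.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

/* Outcome of one teardown, so callers (and tests) can inspect it. */
struct teardown_result {
    int group_gone;  /* 1 if every member of the group exited before the deadline */
    int escalated;   /* 1 if SIGTERM was not enough and SIGKILL was sent */
};

/* Spawn a hypothetical background task that leads its own process group and
 * forks one grandchild. Liveness is tracked with a pipe: every group member
 * inherits the write end, so EOF on *liveness_fd means all of them are gone
 * (an exited process, zombie or not, no longer holds descriptors). The
 * grandchild ignores SIGTERM on purpose, to exercise the SIGKILL escalation,
 * and writes one byte once it is set up so the caller does not race it. */
static pid_t spawn_background_task(int *liveness_fd) {
    int pipefd[2];
    if (pipe(pipefd) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                      /* task: group leader */
        close(pipefd[0]);
        setpgid(0, 0);                   /* new group, before forking further */
        pid_t gc = fork();
        if (gc == 0) {                   /* grandchild, inherits the group */
            signal(SIGTERM, SIG_IGN);    /* stubborn on purpose */
            write(pipefd[1], "R", 1);    /* "ready" handshake */
            for (;;) pause();
        }
        for (;;) pause();
    }
    setpgid(pid, pid);                   /* parent side too, closes the race */
    close(pipefd[1]);
    char ready;
    while (read(pipefd[0], &ready, 1) < 0 && errno == EINTR) {}
    *liveness_fd = pipefd[0];
    return pid;
}

/* Wait up to timeout_ms for EOF on fd (all writers gone). Returns 1 on EOF. */
static int wait_for_eof(int fd, int timeout_ms) {
    struct pollfd p = { .fd = fd, .events = POLLIN };
    char buf[1];
    for (;;) {
        int r = poll(&p, 1, timeout_ms);
        if (r <= 0) return 0;            /* timeout or error: still alive */
        ssize_t n = read(fd, buf, sizeof buf);
        if (n == 0) return 1;            /* EOF: the last member has exited */
        if (n < 0 && errno != EINTR) return 0;
    }
}

/* killpg(SIGTERM), wait up to grace_ms for the group to drain, then
 * killpg(SIGKILL) for whatever ignored or survived SIGTERM. */
static struct teardown_result teardown_group(pid_t leader, int liveness_fd, int grace_ms) {
    struct teardown_result r = {0, 0};
    killpg(leader, SIGTERM);
    if (wait_for_eof(liveness_fd, grace_ms)) {
        r.group_gone = 1;
    } else {
        r.escalated = 1;
        killpg(leader, SIGKILL);
        r.group_gone = wait_for_eof(liveness_fd, grace_ms);
    }
    waitpid(leader, NULL, 0);  /* reap the direct child; init reaps the orphan */
    close(liveness_fd);
    return r;
}

/* One full cycle with a 200 ms grace period. */
struct teardown_result run_reaper_demo(void) {
    int fd;
    struct teardown_result r = {0, 0};
    pid_t leader = spawn_background_task(&fd);
    if (leader < 0) return r;
    return teardown_group(leader, fd, 200);
}

int main(void) {
    struct teardown_result r = run_reaper_demo();
    printf("group_gone=%d escalated=%d\n", r.group_gone, r.escalated);
    return r.group_gone ? 0 : 1;
}
```

The leader dies on SIGTERM and its copy of the pipe closes with it, but the grandchild keeps the write end open, so the grace period expires and the reaper escalates; only after SIGKILL does the read end report EOF. Note that the parent calls waitpid() only for its direct child, matching the post's point that the reaper should not compete with existing waiters.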

Added a mDNSResponder socket proxy:

The sandbox profile applied to the container denies everything by default,
so processes inside it cannot reach the host's /var/run/mDNSResponder UNIX
socket and DNS / Bonjour resolution fails. This proxy listens on a socket
inside the container's filesystem (/var/run/mDNSResponder)
and relays each connection to the real host daemon. Container processes are
pointed at it through the DNSSD_UDS_PATH environment variable, which the
dns_sd client library honours instead of the compiled-in default path.

The dns_sd UDS protocol passes file descriptors between client and daemon
using SCM_RIGHTS ancillary messages, so the relay forwards both the payload
bytes and any descriptors; a byte-only relay would drop the passed fds and
silently break DNSServiceProcessResult() callbacks.
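An illustration of that last point, as an added example and not the proxy's own code: a relay that forwards one message with recvmsg()/sendmsg() and carries any SCM_RIGHTS descriptor along, beside a byte-only relay that uses read()/write(). The "client" passes the write end of a reply pipe with its request; the "daemon" can only answer through that pipe if the descriptor actually arrived. The three roles run in one process over socketpair()s, and the names send_with_fd, recv_with_fd, relay_one and run_relay_demo are assumptions of the example.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <unistd.h>

/* Send len payload bytes and, when fd >= 0, one descriptor via SCM_RIGHTS. */
static ssize_t send_with_fd(int sock, const void *buf, size_t len, int fd) {
    struct iovec iov = { .iov_base = (void *)buf, .iov_len = len };
    union { struct cmsghdr hdr; char space[CMSG_SPACE(sizeof(int))]; } ctl;
    struct msghdr msg = {0};
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;
    if (fd >= 0) {
        memset(&ctl, 0, sizeof ctl);
        msg.msg_control = &ctl;
        msg.msg_controllen = sizeof ctl;
        struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
        c->cmsg_level = SOL_SOCKET;
        c->cmsg_type = SCM_RIGHTS;
        c->cmsg_len = CMSG_LEN(sizeof(int));
        memcpy(CMSG_DATA(c), &fd, sizeof(int));
    }
    return sendmsg(sock, &msg, 0);
}

/* Receive up to buflen payload bytes plus at most one passed descriptor.
 * *fd_out is -1 when no descriptor accompanied the message. */
static ssize_t recv_with_fd(int sock, void *buf, size_t buflen, int *fd_out) {
    struct iovec iov = { .iov_base = buf, .iov_len = buflen };
    union { struct cmsghdr hdr; char space[CMSG_SPACE(sizeof(int))]; } ctl;
    struct msghdr msg = {0};
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;
    msg.msg_control = &ctl;
    msg.msg_controllen = sizeof ctl;
    *fd_out = -1;
    ssize_t n = recvmsg(sock, &msg, 0);
    if (n < 0) return n;
    for (struct cmsghdr *c = CMSG_FIRSTHDR(&msg); c; c = CMSG_NXTHDR(&msg, c))
        if (c->cmsg_level == SOL_SOCKET && c->cmsg_type == SCM_RIGHTS)
            memcpy(fd_out, CMSG_DATA(c), sizeof(int));
    return n;
}

/* Forward one message from `from` to `to`, re-passing any descriptor, then
 * close the relay's own copy (the receiver now holds its own reference). */
static int relay_one(int from, int to) {
    char buf[4096];
    int fd;
    ssize_t n = recv_with_fd(from, buf, sizeof buf, &fd);
    if (n <= 0) return -1;
    ssize_t s = send_with_fd(to, buf, (size_t)n, fd);
    if (fd >= 0) close(fd);
    return s == n ? 0 : -1;
}

/* client -> proxy -> daemon over socketpairs. With forward_fds the proxy uses
 * relay_one(); otherwise it copies bytes only. Returns 1 when the daemon got
 * a usable descriptor and its answer reached the client's reply pipe. */
int run_relay_demo(int forward_fds) {
    int a[2], b[2], reply[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, a) != 0 ||
        socketpair(AF_UNIX, SOCK_STREAM, 0, b) != 0 || pipe(reply) != 0)
        return -1;
    /* Client: request bytes plus the write end of its reply pipe. */
    send_with_fd(a[0], "query", 5, reply[1]);
    /* Proxy: the part that decides whether the descriptor survives. */
    if (forward_fds) {
        relay_one(a[1], b[0]);
    } else {
        char tmp[64];
        ssize_t n = read(a[1], tmp, sizeof tmp);   /* ancillary data is dropped here */
        if (n > 0) write(b[0], tmp, (size_t)n);
    }
    /* Daemon: answer through the passed descriptor, if there is one. */
    char req[64], got[8] = {0};
    int fd, ok = 0;
    ssize_t n = recv_with_fd(b[1], req, sizeof req, &fd);
    if (n == 5 && fd >= 0) {
        write(fd, "answer", 6);
        close(fd);
        if (read(reply[0], got, 6) == 6 && memcmp(got, "answer", 6) == 0) ok = 1;
    }
    close(a[0]); close(a[1]); close(b[0]); close(b[1]);
    close(reply[0]); close(reply[1]);
    return ok;
}

int main(void) {
    printf("fd-aware relay: %d, byte-only relay: %d\n",
           run_relay_demo(1), run_relay_demo(0));
    return 0;
}
```

With the byte-only path the daemon sees the five request bytes but no descriptor, which is exactly the silent failure the post describes: nothing errors at the transport layer, the callback channel simply never exists.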

Improved logging, fixed bugs, made network creation and cleanup work more reliably, and restructured the code to be more readable. After a long time, the terminal is finally usable as well.

https://github.com/Okerew/osxiec
