From 698ac172aadd15afced079bb9553e1ea24e63d06 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Wed, 19 Feb 2025 20:57:24 +0100 Subject: [PATCH] exec-invoke: Use FORK_DETACH when forking off pid namespace child This ensures the child process is immediately re-parented to the manager process which avoids a "Supervising process xxx which is not our child. We'll most likely not notice when it exits." warning which can currently happen if the parent systemd-executor parent process sends the pid namespace child process pidref to the manager process and the manager process dispatches the child process pidref before the systemd-executor parent process exits, since at that point the pid namespace child process's parent will still be the systemd-executor parent process and not the manager process. --- src/core/exec-invoke.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/core/exec-invoke.c b/src/core/exec-invoke.c index 10111a81868..f0ab3637add 100644 --- a/src/core/exec-invoke.c +++ b/src/core/exec-invoke.c @@ -2480,7 +2480,8 @@ static int setup_private_pids(const ExecContext *c, ExecParameters *p) { if (pipe2(errno_pipe, O_CLOEXEC) < 0) return log_exec_debug_errno(c, p, errno, "Failed to create pipe for communicating with parent process: %m"); - r = pidref_safe_fork("(sd-pidns-child)", FORK_NEW_PIDNS, &pidref); + /* Set FORK_DETACH to immediately re-parent the child process to the invoking manager process. */ + r = pidref_safe_fork("(sd-pidns-child)", FORK_NEW_PIDNS|FORK_DETACH, &pidref); if (r < 0) return log_exec_debug_errno(c, p, r, "Failed to fork child into new pid namespace: %m"); if (r > 0) { -- 2.47.3