daemon/priv: mark monitored as volatile sig_atomic_t

It is read by `sig_pass_to_chld()` and `sig_chld()` from signal context,
and written from the main thread (after fork). Plain int is not
guaranteed to be safe across this boundary.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

diff --git a/src/daemon/priv-seccomp.c b/src/daemon/priv-seccomp.c
index 0856ac66a0bf682892106de0a770026012609de4..30840df962bca333f59b94aea1f54def2756ee89 100644 (file)
--- a/src/daemon/priv-seccomp.c
+++ b/src/daemon/priv-seccomp.c
@@ -42,8 +42,8 @@
 
 /* If there is no privilege separation, seccomp is currently useless */
 #ifdef ENABLE_PRIVSEP
-static int monitored = -1;
-static int trapped = 0;
+static volatile sig_atomic_t monitored = -1;
+static volatile sig_atomic_t trapped = 0;
 /**
  * SIGSYS signal handler
  * @param nr the signal number

diff --git a/src/daemon/priv.c b/src/daemon/priv.c
index cd1e9da243241ace2921785c23862e6cdca0abda..f0f18ea87dcd08c66c867a3b426f72775a1111c4 100644 (file)
--- a/src/daemon/priv.c
+++ b/src/daemon/priv.c
@@ -73,7 +73,7 @@ int res_init(void);
 #endif
 
 #ifdef ENABLE_PRIVSEP
-static int monitored = -1; /* Child */
+static volatile sig_atomic_t monitored = -1; /* Child */
 #endif
 
 static char *ctlname = NULL; /* Registered control socket path */