pub struct ProcessIndex { /* private fields */ }
Source-of-truth registry for processes inside the sandbox.
Maps the kernel’s numeric pid (the value that arrives in seccomp
notifications) to the canonical PidKey plus an
Arc<AsyncMutex<PerProcessState>> holding everything per-process.
Held behind an internal std::sync::RwLock so the read-mostly hot
paths (key_for, contains, entry_for, /proc virtualization)
avoid an async mutex on every notification, and so ProcessIndex
doesn’t need its own outer wrapper in SupervisorCtx. Lock guards
are !Send and the compiler will reject holding one across an
.await, which keeps callers honest.
Ownership of each child’s pidfd lives with the per-child watcher
task, not with this index. That keeps the kernel fd alive for as
long as the AsyncFd registration in the tokio IO driver does,
and avoids a race where dropping the fd from the index could
deregister a recycled fd from epoll.
Implementations
impl ProcessIndex
pub fn new() -> Self
pub fn register(&self, pid: i32) -> Option<PidKey>
Register a process by reading its start_time once and
allocating its PerProcessState. Returns the canonical key,
or None if the process is already gone. The caller is
responsible for keeping the pidfd alive — the per-child
watcher task does this via AsyncFd<OwnedFd>.
pub fn key_for(&self, pid: i32) -> Option<PidKey>
Look up the canonical PidKey for a notification’s raw pid. Returns None if this pid was never registered (e.g. pidfd_open failed at fork) — callers should fall back to a no-op.
pub fn entry_for(&self, pid: i32) -> Option<(PidKey, Arc<AsyncMutex<PerProcessState>>)>
Look up both the PidKey and the per-process state handle for
pid. Returns None if the pid isn’t tracked. The caller locks
the returned Arc<AsyncMutex<…>> to read or mutate.
pub fn contains(&self, pid: i32) -> bool
Cheap membership test — used by /proc virtualization to gate
access to /proc/<pid>/... paths and by getdents filtering.
pub fn pids_snapshot(&self) -> HashSet<i32>
Snapshot the set of tracked pids. Used by getdents filtering where the caller needs O(1) lookups inside a loop and would otherwise have to re-acquire the read lock per entry.
pub fn unregister(&self, key: PidKey)
Remove a process from the index. The per-process state’s
Arc reference held by the index drops here; remaining clones
(e.g. a handler that’s mid-execution for that pid) will drop
when they go out of scope, and the inner PerProcessState
frees automatically.
pub fn prune_dead(&self)
Defensive sweep: drop entries whose process is gone (or whose start_time has changed). Called from a low-frequency backstop task in case a pidfd watcher failed to spawn or the kernel didn’t deliver the readability event.
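As an added example (not the crate's own code), a minimal stand-alone sketch of the registry described above, showing why the index keys on a PidKey (pid plus start_time) rather than a bare pid and how prune_dead catches pid reuse. The hypothetical StartTimeSource trait and FakeProcTable replace reading the kernel's start_time so it runs offline, PerProcessState is a stand-in, std::sync::Mutex stands in for the async mutex, and the key-match check in unregister is this example's own choice.

```rust
use std::collections::{HashMap, HashSet};
use std::sync::{Arc, Mutex, RwLock};

/// Canonical identity: the kernel recycles pids, so pair the pid with its start_time.
#[derive(Clone, Copy, Debug, PartialEq, Eq, Hash)]
pub struct PidKey { pub pid: i32, pub start_time: u64 }

/// Stand-in for the real per-process state (hypothetical field).
#[derive(Default, Debug)]
pub struct PerProcessState { pub notifications: u64 }

/// Where start_time comes from; the real index reads it from the kernel (hypothetical trait).
pub trait StartTimeSource { fn start_time(&self, pid: i32) -> Option<u64>; }

/// In-memory fake of the process table (constructed) so the example runs offline.
#[derive(Default, Clone)]
pub struct FakeProcTable(pub Arc<Mutex<HashMap<i32, u64>>>);
impl StartTimeSource for FakeProcTable {
    fn start_time(&self, pid: i32) -> Option<u64> { self.0.lock().unwrap().get(&pid).copied() }
}

pub struct ProcessIndex<S: StartTimeSource> {
    src: S,
    inner: RwLock<HashMap<i32, (PidKey, Arc<Mutex<PerProcessState>>)>>,
}

impl<S: StartTimeSource> ProcessIndex<S> {
    pub fn new(src: S) -> Self { Self { src, inner: RwLock::new(HashMap::new()) } }

    /// Read start_time once at registration; None if the process is already gone.
    pub fn register(&self, pid: i32) -> Option<PidKey> {
        let key = PidKey { pid, start_time: self.src.start_time(pid)? };
        self.inner.write().unwrap().insert(pid, (key, Arc::default()));
        Some(key)
    }
    pub fn key_for(&self, pid: i32) -> Option<PidKey> {
        self.inner.read().unwrap().get(&pid).map(|(k, _)| *k)
    }
    pub fn contains(&self, pid: i32) -> bool { self.inner.read().unwrap().contains_key(&pid) }
    pub fn pids_snapshot(&self) -> HashSet<i32> { self.inner.read().unwrap().keys().copied().collect() }

    /// Evict only while the stored key still matches, so a stale key cannot remove
    /// the entry of a newer process that reused the pid (this example's choice).
    pub fn unregister(&self, key: PidKey) {
        let mut map = self.inner.write().unwrap();
        if map.get(&key.pid).map(|(k, _)| *k) == Some(key) { map.remove(&key.pid); }
    }

    /// Drop entries whose process is gone or whose start_time changed (pid reuse).
    pub fn prune_dead(&self) {
        self.inner.write().unwrap().retain(|pid, (k, _)| self.src.start_time(*pid) == Some(k.start_time));
    }
}
```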