Module spawn


Process spawning module for secretsh.

Uses posix_spawnp(3) — Apple’s recommended API for launching child processes on macOS. fork(2) is unsafe in multithreaded processes on macOS because system frameworks (e.g. libdispatch, CoreFoundation) hold internal locks that may be owned by a non-forking thread at the moment of the fork, causing the child to deadlock immediately. posix_spawnp avoids this by performing the exec atomically inside the kernel without ever running arbitrary user-space code in the child.

§Architecture

 caller
   │
   ▼
spawn_child()
   ├─ create stdout_pipe + stderr_pipe
   ├─ build posix_spawn_file_actions (dup2 write-ends → fd 1, fd 2)
   ├─ build posix_spawnattr (default flags; FD_CLOEXEC set on pipes instead)
   ├─ posix_spawnp()  ──────────────────────────────► child process
   ├─ close write-ends in parent
   ├─ zeroize CString argv immediately
   ├─ install SIGINT/SIGTERM/SIGHUP forwarding handlers
   ├─ spawn reader threads (stdout + stderr) with byte-limit enforcement
   ├─ deadline loop: waitpid(WNOHANG) + timeout + limit checks
   └─ redact + return SpawnResult
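
The parent-side half of this flow (reader threads with a byte limit, the non-blocking deadline loop, and redaction once output is complete), as an added example that is not secretsh's own code. It uses `std::process::Command` instead of calling posix_spawnp directly and leaves out argv zeroization and signal forwarding; `run_redacted`, `drain`, the tuple return type and the `[REDACTED]` marker are hypothetical names chosen for illustration.

```rust
use std::io::Read;
use std::process::{Command, Stdio};
use std::sync::atomic::{AtomicBool, Ordering::SeqCst};
use std::sync::Arc;
use std::thread::{self, JoinHandle};
use std::time::{Duration, Instant};

/// Reader thread: drain a pipe, keep at most `limit` bytes, flag overflow.
fn drain<R: Read + Send + 'static>(mut pipe: R, limit: usize, over: Arc<AtomicBool>) -> JoinHandle<Vec<u8>> {
    thread::spawn(move || {
        let (mut kept, mut buf) = (Vec::new(), [0u8; 4096]);
        while let Ok(n) = pipe.read(&mut buf) {
            if n == 0 { break; } // EOF: the child closed its end
            let room = limit - kept.len();
            kept.extend_from_slice(&buf[..n.min(room)]);
            if n > room { over.store(true, SeqCst); break; }
        }
        kept
    })
}

/// Hypothetical stand-in for the parent side of the flow (not secretsh's API).
/// Assumes a non-empty `argv` and a non-empty `secret`.
/// Returns (exit code, or None if killed; redacted stdout; redacted stderr).
pub fn run_redacted(argv: &[&str], secret: &str, limit: usize, timeout: Duration)
    -> std::io::Result<(Option<i32>, String, String)> {
    let mut child = Command::new(argv[0]).args(&argv[1..]).stdin(Stdio::null())
        .stdout(Stdio::piped()).stderr(Stdio::piped()).spawn()?;
    let over = Arc::new(AtomicBool::new(false));
    let out = drain(child.stdout.take().unwrap(), limit, over.clone());
    let err = drain(child.stderr.take().unwrap(), limit, over.clone());
    let deadline = Instant::now() + timeout;
    let status = loop {
        if let Some(s) = child.try_wait()? { break Some(s); } // non-blocking, like waitpid(WNOHANG)
        if Instant::now() >= deadline || over.load(SeqCst) {
            child.kill()?; // SIGKILL on Unix
            child.wait()?; // reap the child so no zombie is left behind
            break None;
        }
        thread::sleep(Duration::from_millis(10));
    };
    // Redact only after both readers have returned the complete (bounded) output.
    let clean = |b: Vec<u8>| String::from_utf8_lossy(&b).replace(secret, "[REDACTED]");
    Ok((status.and_then(|s| s.code()), clean(out.join().unwrap()), clean(err.join().unwrap())))
}

fn main() -> std::io::Result<()> {
    // Constructed sample: the child prints a made-up secret on stdout.
    let r = run_redacted(&["sh", "-c", "echo token=hunter2"], "hunter2", 1024, Duration::from_secs(2))?;
    println!("{:?}", r);
    Ok(())
}
```

In this sketch a secret that is cut off by the byte limit leaves an unredacted prefix at the end of the buffer, so output that hit the limit should be treated as possibly sensitive.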

Structs§

SpawnConfig
Configuration knobs for spawn_child.
SpawnResult
The outcome of a successfully-spawned child process.

Functions§

spawn_child
Spawn a child process with the given argv, collect its output, and return a SpawnResult with redacted stdout/stderr.