Support macOS and the BSDs, not just Linux#1
Merged
Conversation
The handoff mechanism is plain POSIX — fork/exec FD inheritance, flock, Unix-domain control sockets, signals — with no Linux-only syscalls. It was only incidentally Linux-bound. Make it build and run on macOS and the BSDs automatically (via cfg, not a Cargo feature — no opt-in for embedders). - supervisor.rs: cfg-gate SOCK_CLOEXEC on the control socketpair. macOS doesn't define the flag (nix won't compile the symbol there), so fall back to a follow-up fcntl(FD_CLOEXEC) on each end. Linux/BSD path unchanged. - fd.rs: drop SOCK_CLOEXEC from a test socketpair — throwaway source FDs don't need it, and dropping it keeps the test compiling on macOS. - stress.rs: read /dev/fd instead of /proc/self/fd for the FD-leak counter. /dev/fd is the portable spelling across Linux, macOS, and FreeBSD. - CI: add a macos-latest test job (exercises the fcntl fallback and /dev/fd for real) and a FreeBSD cross-compile check (no free BSD runner exists). - Docs: broaden the rename-atomicity note beyond Linux; add a Platforms section (Linux/macOS/BSD supported, Windows not). Windows is out of scope: no fork/exec FD inheritance and no flock, so the model would need a separate backend. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Merged
jaredLunde
added a commit
that referenced
this pull request
Jun 5, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Why
handoff's mechanism is plain POSIX —
fork/execFD inheritance,flock, Unix-domain control sockets, signals. None of it is Linux-only; the crate was just incidentally Linux-bound. This makes services that embed handoff build and run on macOS and the BSDs with no opt-in — automatic via#[cfg(target_os = …)], not a Cargo feature (an embedder shouldn't have to flip a flag to get a working build on their platform).A full sweep of every
libc::/nix::call site found exactly one production break, two test breaks, and a docs cleanup. Everything else is uniform across Unix (verified: nopidfd/signalfd/prctl/epoll/memfd//procin library code; FD handoff is fork/exec inheritance, notSCM_RIGHTS).Changes
supervisor.rs—make_socketpair()cfg-gatesSOCK_CLOEXECon the control socketpair. macOS doesn't define that flag (nix won't even compile the symbol there), so the macOS path creates the pair then setsFD_CLOEXECvia a follow-upfcntl. The Linux/BSD atomic path is unchanged. The non-atomic window on macOS is theoretical — this runs on the rare swap path, not under a fork storm.fd.rs— dropsSOCK_CLOEXECfrom a test socketpair (throwaway source FDs for the dup2-shuffle assertion; the flag isn't needed and isn't defined on macOS).stress.rs— FD-leak counter reads/dev/fdinstead of/proc/self/fd./dev/fdis the portable spelling: a symlink to/proc/self/fdon Linux, a real fdescfs on macOS and FreeBSD.macos-latesttest job (runs unit + integration + stress, so it actually exercises thefcntlcloexec fallback and/dev/fdenumeration that cross-compilation can't), plus a FreeBSD cross-compile check (GitHub has no free BSD runner, so a type-check is the pragmatic proof the BSD path stays buildable).Out of scope
Windows — no
fork/execFD inheritance, noflock. It would need a separate backend behind theDrainableAPI; that's a different decision, not requested here.Verification (local, on Linux)
cargo checkcross-compiles without an Apple/BSD SDK (type-check only, no linking):cargo check --workspace --all-targets --target aarch64-apple-darwin— proves the macOScfgbranch compiles and nothing else is silently Linux-boundcargo check --workspace --all-targets --target x86_64-unknown-freebsdclippyclean,fmtcleanThe macOS CI job in this PR is what validates the macOS code paths running for real.
🤖 Generated with Claude Code