W06.A.3: wire LD_PRELOAD shim notifications into journal events #47

Merged
mfwolffe merged 2 commits into trunk from worktree-w06a3-shim-to-journal
May 24, 2026
Conversation

@espadonne espadonne commented May 24, 2026

Summary

Daemon's shim_listener::handle_one previously acked Allow and
discarded the ShimNotification. W06.A.3 wires it through:

  1. Resolve pid → CommandId via ActiveCommands::resolve_by_descendant.
  2. Classify the syscall → TreeOp::Unlink (unlink/unlinkat) or
    TreeOp::Rename (rename/renameat).
  3. Journal via Index::put_event.
  4. Then ack Allow (resolution happens BEFORE ack to avoid the
    ps -p race against fast-dying emitter pids — see comment).

Headline result

make-install-undo-fbsd.sh transitions from documenting-the-gap
(applied=0, files remain) to Outcome A: full undo:

[smoke] shim notifications observed by daemon: 2
[smoke] journal events: 2
[smoke] OUTCOME A — full undo (install-target reverted, source unchanged)
[smoke] PASS: make-install-undo-fbsd (Outcome A)

/usr/bin/install's two rename(temp→final) calls fire the shim
interposer (W06.A.2's versioned exports), notifications reach the
daemon (W06.A.2's .symver plumbing), the daemon resolves each
pid back to the smoke's command, journals two TreeOp::Rename
events, and shit undo --yes emits the inverse renames + cleans
the install-target.

Race fix

Initial impl resolved pid → CommandId AFTER acking the shim;
the emitter (e.g. install) terminates within ~10ms of the ack,
and our ps -p <pid> resolution returns empty. Notifications
arrive in the daemon but the journal stays empty.

Fix: resolve synchronously BEFORE ack. Costs ~10ms per
notification (one ps -p per ancestor level) but fits inside
the shim's 50ms allow-on-timeout budget. Followup
W06.A.4-or-later carries ancestry inline in the wire to
eliminate the shell-out entirely.

Out of scope (W06.A.4)

  • Pre-image capture for open/truncate/pwrite/mmap: these
    modify content, need pre-mutation bytes via SCM_RIGHTS.
    Currently dropped with a debug log.
  • Ancestry-in-wire (eliminate the ps -p cost).
  • W08's mv smoke gates — needs the smoke to set LD_PRELOAD for
    mv itself. Documented in .docs/sprints/W/W06.A/followups.md.

Test plan

  • cargo test -p shitd — 127 tests pass (incl
    shim_listener::one_shot_notify_round_trip).
  • cargo fmt --check, cargo clippy -p shitd --all-targets -- -D warnings clean.
  • All 8 W smokes on shit-fbsd PASS, including
    make-install-undo-fbsd now at Outcome A.
  • freebsd-smoke (B04) CI green.

@mfwolffe mfwolffe merged commit b2678d2 into trunk May 24, 2026
24 checks passed
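
The ordering race described in the PR, as an added example that is not code from this repository: a simulated daemon handles two rename notifications with resolution either after or before the ack. The `Daemon` struct, the `run` helper, the pids, CommandId 7 and the model of the ack as instantly removing the emitter from the process table are all assumptions made for illustration.

```rust
use std::collections::HashMap;

#[derive(Debug, PartialEq, Clone, Copy)]
enum TreeOp { Unlink, Rename }
// Classification from the PR summary; other syscalls are not journaled.
fn classify(syscall: &str) -> Option<TreeOp> {
    match syscall {
        "unlink" | "unlinkat" => Some(TreeOp::Unlink),
        "rename" | "renameat" => Some(TreeOp::Rename),
        _ => None,
    }
}

struct Daemon {
    procs: HashMap<u32, u32>,  // constructed process table: pid -> parent pid
    active: HashMap<u32, u64>, // command root pid -> CommandId
    journal: Vec<(u64, TreeOp)>,
}

impl Daemon {
    // Walk pid -> ppid until a tracked command root is found (depth-bounded).
    fn resolve_by_descendant(&self, mut pid: u32) -> Option<u64> {
        for _ in 0..64 {
            if let Some(&cmd) = self.active.get(&pid) { return Some(cmd); }
            pid = *self.procs.get(&pid)?;
        }
        None
    }
    // Ack unblocks the emitter; model the worst case where it exits at once.
    fn ack_allow(&mut self, pid: u32) { self.procs.remove(&pid); }
    fn handle_one(&mut self, pid: u32, syscall: &str, resolve_first: bool) {
        let Some(op) = classify(syscall) else { return self.ack_allow(pid) };
        let before = self.resolve_by_descendant(pid);
        self.ack_allow(pid);
        let after = self.resolve_by_descendant(pid);
        let cmd = if resolve_first { before } else { after };
        if let Some(cmd) = cmd { self.journal.push((cmd, op)); }
    }
}

// Constructed tree: command root 100 (CommandId 7) -> 101 -> emitters 102, 103.
fn run(resolve_first: bool) -> Vec<(u64, TreeOp)> {
    let procs = HashMap::from([(100, 1), (101, 100), (102, 101), (103, 101)]);
    let mut d = Daemon { procs, active: HashMap::from([(100, 7)]), journal: vec![] };
    for pid in [102, 103] { d.handle_one(pid, "rename", resolve_first); }
    d.journal
}
fn main() {
    println!("ack first: {:?}; resolve first: {:?}", run(false), run(true));
}
```

With the ack first, both notifications arrive but neither pid can be walked back to a command, so the journal stays empty; resolving first journals both renames.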