From a3fd05765ebe293aaa60045b158b62e50db24803 Mon Sep 17 00:00:00 2001
From: Ophestra <cat@gensokyo.uk>
Date: Tue, 9 Dec 2025 08:12:22 +0900
Subject: [PATCH] container: load initial process started before syscall

This avoids a race between returning from syscall and checking the state.

Signed-off-by: Ophestra <cat@gensokyo.uk>
---
 container/init.go | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/container/init.go b/container/init.go
index 04c643d..53fc547 100644
--- a/container/init.go
+++ b/container/init.go
@@ -380,6 +380,9 @@ func initEntrypoint(k syscallDispatcher, msg message.Msg) {
 			err     error
 			wpid    = -2
 			wstatus WaitStatus
+
+			// whether initial process has started
+			started bool
 		)
 
 		// keep going until no child process is left
@@ -406,6 +409,10 @@ func initEntrypoint(k syscallDispatcher, msg message.Msg) {
 				}
 			}
 
+			if !started {
+				started = initialProcessStarted.Load()
+			}
+
 			err = EINTR
 			for errors.Is(err, EINTR) {
 				wpid, err = k.wait4(-1, &wstatus, 0, nil)
@@ -414,7 +421,7 @@ func initEntrypoint(k syscallDispatcher, msg message.Msg) {
 
 		if !errors.Is(err, ECHILD) {
 			k.printf(msg, "unexpected wait4 response: %v", err)
-		} else if !initialProcessStarted.Load() {
+		} else if !started {
 			// initial process has not yet been reached and all daemons
 			// terminated or none were started in the first place
 			time.Sleep(500 * time.Microsecond)