From 51a0845adba702ac02437405988b24b3b2c9fb45 Mon Sep 17 00:00:00 2001
From: James O'Doherty <james@theodohertyfamily.com>
Date: Wed, 3 Jun 2026 23:45:45 -0400
Subject: fix: resolve resource leaks and improve namespace lifecycle
 management

- Fix DNS resolver leaks by creating temporary resolv.conf files within the profile's runtime directory and ensuring robust cleanup.
- Fix isolation block directory leaks by explicitly removing the block directory during namespace unpinning.
- Improve namespace lifecycle management:
    - Register processes before joining an active namespace to prevent race conditions in reference counting.
    - Update `IsLastProcess` and corresponding tests to reflect the unregister-then-check cleanup flow.
- Improve test reliability and correctness:
    - Convert `TestAppRun_ProfileDirInjection` to use separate binary execution, preventing process replacement and ensuring `t.TempDir()` cleanup.
    - Replace hardcoded test configuration paths with `t.TempDir()` in `mount_leak_test.go`.
    - Implement `SetEnvOverrides` helper for cleaner environment variable management in E2E tests.
    - Improve E2E lifecycle tests with better environment handling and output redirection.
---
 internal/namespace/lifecycle.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'internal/namespace/lifecycle.go')

diff --git a/internal/namespace/lifecycle.go b/internal/namespace/lifecycle.go
index 3bd1753..5f729d3 100644
--- a/internal/namespace/lifecycle.go
+++ b/internal/namespace/lifecycle.go
@@ -168,7 +168,7 @@ func IsLastProcess(pm *paths.PathManager, profile string) (bool, error) {
 		}
 	}
 
-	return activeCount <= 1, nil
+	return activeCount == 0, nil
 }
 
 // SetControllerPid records the current process as the owner of the namespace.
-- 
cgit v1.2.3