On 2026-02-23 at 16:51:46, Andrew Au wrote:
> When git runs as PID 1 inside a container and exits via exit(128) on
> transport errors, child processes (git-remote-https, ssh, proxy) are
> never waited on because the normal cleanup paths (disconnect_helper,
> finish_connect) are bypassed. Since PID 1 has no parent to reap its
> children, these become zombies that persist for the container's lifetime.
> 
> This patch registers atexit handlers in transport-helper.c and connect.c
> to ensure children are reaped on any exit path, and clears them on the
> normal cleanup paths to avoid double-waiting.
> 
> Blog post with detailed investigation: https://cshung.github.io/posts/zombie-git/

Usually people use a tool like tini as PID 1 in containers, which allows
that process to handle process reaping while still exec'ing the normal
Git or other command.  It's the case that _most_ processes are not
designed to run properly as process 1 in a container or otherwise, so
a specialized init-capable helper program is usually a good idea.

Even with this series to fix some of the process reaping problems, I
expect you'll find other cases in Git where we don't always reap
processes correctly as well, so an init helper would still be useful.
-- 
brian m. carlson (they/them)
Toronto, Ontario, CA