fix: prevent argv-mode runner deadlock on sandbox shutdown #151

Merged: jy-tan merged 3 commits into main from runtime-exec-shutdown, Apr 30, 2026

Conversation

@jy-tan
Contributor

@jy-tan jy-tan commented Apr 30, 2026

Summary

When command.runtimeExecPolicy: "argv" is set on Linux, exiting a sandboxed agent could leave the outer fence wedged - prompt never returns, terminal must be closed. Reproduced on WSL2 (kernel 6.6) with fence -- bash; exit. Root cause: the runner's supervisor goroutine sits in ioctl(SECCOMP_IOCTL_NOTIF_RECV), and close(listenerFD) from another OS thread doesn't wake it, so the runner deadlocks waiting for the supervisor channel.

Fix: park the supervisor in ppoll([listenerFD, wakeFD]) and wake it via an eventfd. A 2s bounded drain catches any future kernel where the eventfd path also misbehaves; on WSL2 today it never fires.

Related: #148.

Changes

  • New argvRunnerShutdown (eventfd + idempotent Begin()) in runtime_exec_argv_shutdown_linux.go.
  • runLinuxArgvExecSupervisor: ppoll-then-ioctl via waitForArgvExecNotification; handles EAGAIN/EINTR/POLLHUP/EBADF.
  • RunLinuxArgvExecRunnerFromEnv: restructured around the coordinator; one Begin() covers all teardown paths with a 2s bounded drain that logs loudly if it fires.
  • bwrap now runs in its own pgrp (Setpgid: true).
  • startLinuxArgvExecSignalForwarder: 1st SIGINT/SIGTERM -> bwrap; 2nd -> pgrp + Begin(); 3rd+ -> SIGKILL + Begin(). SIGWINCH unchanged.
  • Unit tests for the coordinator and waitForArgvExecNotification, including TestWaitForArgvExecNotification_WakeFromShutdown.

Verification

  • WSL2 kernel 6.6: pre-fix hangs reproducibly; post-fix exits cleanly. pkill -9 bwrap mid-session also drains via the eventfd path (no timeout warning).

Follow-up

Unify this signal forwarder with startCommandWithSignalProxy in cmd/fence/main.go (same escalation pattern).
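For readers tracing the mechanism in the description above, the following is a stand-alone Go sketch of the same shape. It is an added example, not code from the fence project or from this PR: an eventfd-backed coordinator with an idempotent Begin(), a ppoll-then-receive wait that treats a wake-fd event, listener POLLHUP/POLLERR/POLLNVAL, EBADF and EINTR the way the bullet list describes, and a supervisor loop drained under a 2s budget. It is Linux-only and uses the raw eventfd2/ppoll syscalls from the standard library. Because a real seccomp user-notification listener needs a filter and privileges, a pipe stands in for listenerFD and a one-byte read for ioctl(SECCOMP_IOCTL_NOTIF_RECV); every name here (shutdown, waitForNotification, supervise, demo, the poll/eventfd constants) is hypothetical, and the three-byte write is constructed input.

```go
// Added example (not the fence project's code). Linux-only; a pipe stands in for the seccomp listener fd, recv() for NOTIF_RECV.
package main

import (
	"fmt"
	"sync"
	"syscall"
	"time"
	"unsafe"
)

const ( // values from <sys/eventfd.h> and <poll.h>, so only the standard library is needed
	efdCloexec, efdNonblock            = 0x80000, 0x800
	pollIn, pollErr, pollHup, pollNval = 0x001, 0x008, 0x010, 0x020
)
type pollFd struct{ fd int32; events, revents int16 }
type shutdown struct{ wakeFD int; once sync.Once } // eventfd + idempotent Begin()

func newShutdown() (*shutdown, error) {
	fd, _, errno := syscall.Syscall(syscall.SYS_EVENTFD2, 0, efdCloexec|efdNonblock, 0)
	if errno != 0 {
		return nil, errno
	}
	return &shutdown{wakeFD: int(fd)}, nil
}

// Begin bumps the eventfd counter, so a thread parked in ppoll on it sees POLLIN;
// close(listenerFD) from another thread gives no such guarantee.
func (s *shutdown) Begin() {
	s.once.Do(func() {
		var buf [8]byte
		*(*uint64)(unsafe.Pointer(&buf[0])) = 1 // eventfd takes a host-endian u64
		_, _ = syscall.Write(s.wakeFD, buf[:])
	})
}

// waitForNotification parks in ppoll on both fds; ready=false means tear down (wake fd fired, or listener HUP/ERR/NVAL).
func waitForNotification(listenerFD, wakeFD int) (ready bool, err error) {
	fds := [2]pollFd{{fd: int32(listenerFD), events: pollIn}, {fd: int32(wakeFD), events: pollIn}}
	for {
		_, _, errno := syscall.Syscall6(syscall.SYS_PPOLL, uintptr(unsafe.Pointer(&fds[0])), uintptr(len(fds)), 0, 0, 0, 0)
		switch {
		case errno == syscall.EINTR: // a forwarded SIGWINCH lands here; just re-arm
		case errno != 0:
			return false, errno // e.g. EBADF: listener closed under us
		case fds[1].revents != 0 || fds[0].revents&(pollErr|pollHup|pollNval) != 0:
			return false, nil
		case fds[0].revents&pollIn != 0:
			return true, nil
		}
	}
}

// supervise is the supervisor loop; EAGAIN from recv (ready but nothing to take) re-polls.
func supervise(listenerFD int, sd *shutdown, recv func() error) (handled int, err error) {
	for {
		ready, err := waitForNotification(listenerFD, sd.wakeFD)
		if !ready {
			return handled, err
		}
		if err := recv(); err == syscall.EAGAIN {
			continue
		} else if err != nil {
			return handled, err
		}
		handled++
	}
}

// demo: three constructed notifications on the fake listener, Begin() twice, then a bounded drain.
func demo() (handled int, timedOut bool, err error) {
	var p [2]int
	if err = syscall.Pipe(p[:]); err != nil {
		return
	}
	sd, err := newShutdown()
	if err != nil {
		return
	}
	defer func() { syscall.Close(p[0]); syscall.Close(p[1]); syscall.Close(sd.wakeFD) }()
	got := make(chan struct{}, 3)
	recv := func() error { var b [1]byte; _, e := syscall.Read(p[0], b[:]); got <- struct{}{}; return e }
	type result struct{ n int; err error }
	done := make(chan result, 1)
	go func() { n, e := supervise(p[0], sd, recv); done <- result{n, e} }()
	_, _ = syscall.Write(p[1], []byte("abc")) // one byte per fake notification
	<-got; <-got; <-got // all three receives completed before shutdown begins
	sd.Begin(); sd.Begin() // second call is a no-op
	select {
	case r := <-done:
		handled, err = r.n, r.err
	case <-time.After(2 * time.Second):
		timedOut = true // the eventfd wake did not land; the PR logs this case loudly
	}
	return
}

func main() { fmt.Println(demo()) }
```

Two design points worth noting. The wake fd is inspected before the listener, so a Begin() that races with pending notifications still exits the loop on the next ppoll rather than servicing the backlog first; if draining in-flight notifications matters, swap the order of those two cases. And the bounded drain is deliberately only a safety net: on a kernel where the eventfd path works, demo returns handled=3 and timedOut=false long before the 2s budget.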


@cubic-dev-ai cubic-dev-ai Bot left a comment


No issues found across 3 files

@jy-tan jy-tan merged commit 13f777d into main Apr 30, 2026
6 checks passed
@jy-tan jy-tan deleted the runtime-exec-shutdown branch April 30, 2026 03:53