gravitational · nklaassen · Jan 17, 2025 · Jan 14, 2025 · Jan 16, 2025 · Jan 16, 2025
diff --git a/lib/vnet/admin_process_darwin.go b/lib/vnet/admin_process_darwin.go
@@ -33,7 +33,7 @@ import (
 //
 // It also handles host OS configuration that must run as root, and stays alive
 // to keep the host configuration up to date. It will stay running until the
-// socket at config.socketPath is deleted, [ctx] is canceled, or until
+// socket at config.socketPath is deleted, ctx is canceled, or until
 // encountering an unrecoverable error.
 func RunDarwinAdminProcess(ctx context.Context, config daemon.Config) error {
 	if err := config.CheckAndSetDefaults(); err != nil {
@@ -73,7 +73,7 @@ func RunDarwinAdminProcess(ctx context.Context, config daemon.Config) error {
 }
 
 // createAndSendTUNDevice creates a virtual network TUN device and sends the open file descriptor on
-// [socketPath]. It returns the name of the TUN device or an error.
+// socketPath. It returns the name of the TUN device or an error.
 func createAndSendTUNDevice(ctx context.Context, socketPath string) (string, error) {
 	tun, tunName, err := createTUNDevice(ctx)
 	if err != nil {
@@ -106,7 +106,7 @@ func createTUNDevice(ctx context.Context) (tun.Device, string, error) {
 	return dev, name, nil
 }
 
-// osConfigurationLoop will keep running until [ctx] is canceled or an unrecoverable error is encountered, in
+// osConfigurationLoop will keep running until ctx] is canceled or an unrecoverable error is encountered, in
 // order to keep the host OS configuration up to date.
 func osConfigurationLoop(ctx context.Context, tunName, ipv6Prefix, dnsAddr, homePath string, clientCred daemon.ClientCred) error {
 	osConfigurator, err := newOSConfigurator(tunName, ipv6Prefix, dnsAddr, homePath, clientCred)
@@ -127,7 +127,7 @@ func osConfigurationLoop(ctx context.Context, tunName, ipv6Prefix, dnsAddr, home
 	}
 
 	defer func() {
-		// Shutting down, deconfigure OS. Pass context.Background because [ctx] has likely been canceled
+		// Shutting down, deconfigure OS. Pass context.Background because ctx has likely been canceled
 		// already but we still need to clean up.
 		if err := osConfigurator.deconfigureOS(context.Background()); err != nil {
 			log.ErrorContext(ctx, "Error deconfiguring host OS before shutting down.", "error", err)

diff --git a/lib/vnet/process_manager.go b/lib/vnet/process_manager.go
@@ -18,6 +18,7 @@ package vnet
 
 import (
 	"context"
+	"errors"
 	"fmt"
 	"sync"
 
@@ -70,7 +71,11 @@ func (pm *ProcessManager) Wait() error {
 	select {
 	case <-pm.closed:
 		// Errors are expected after the process manager has been closed,
-		// usually due to context cancellation.
+		// usually due to context cancellation, but other error types may be
+		// returned. Log unexpected errors at debug level but return nil.
+		if err != nil && !errors.Is(err, context.Canceled) {
+			log.DebugContext(context.Background(), "ProcessManager exited with error after being closed", "error", err)
+		}
 		return nil
 	default:
 		return trace.Wrap(err)

diff --git a/lib/vnet/user_process.go b/lib/vnet/user_process.go
@@ -49,24 +49,18 @@ func (c *UserProcessConfig) checkAndSetDefaults() error {
 }
 
 // RunUserProcess is called by all VNet client applications (tsh, Connect) to
-// start and run all VNet tasks.
+// start and run all VNet tasks.  It returns a [ProcessManager] which controls
+// the lifecycle of all tasks and background processes.
 //
-// It returns a [ProcessManager] which controls the lifecycle of all tasks and
-// background processes. The caller is expected to call Close on the process
-// manager to clean up any resources, terminate all processes, and remove and OS
-// configuration used for actively running VNet.
-//
-// ctx is used to wait for setup steps that happen before RunUserProcess hands out the
-// control to the process manager. If ctx gets canceled during RunUserProcess, the process
-// manager gets closed along with its background tasks.
+// ctx is used for setup steps that happen before RunUserProcess passes control
+// to the process manager. Canceling ctx after RunUserProcess returns will _not_
+// cancel the background tasks. If [RunUserProcess] returns without error, the
+// caller is expected to call Close on the process manager to clean up any
+// resources, terminate all processes, and remove any OS configuration used for
+// actively running VNet.
 func RunUserProcess(ctx context.Context, cfg *UserProcessConfig) (pm *ProcessManager, err error) {
 	if err := cfg.checkAndSetDefaults(); err != nil {
 		return nil, trace.Wrap(err)
 	}
-	defer func() {
-		if pm != nil && err != nil {
-			pm.Close()
-		}
-	}()
 	return runPlatformUserProcess(ctx, cfg)
 }
diff --git a/lib/vnet/user_process_darwin.go b/lib/vnet/user_process_darwin.go
@@ -31,11 +31,14 @@ import (
 // background. To do this, it also needs to launch an admin process in the
 // background. It returns a [ProcessManager] which controls the lifecycle of
 // both background tasks.
-//
-// The caller is expected to call Close on the process manager to close the
-// network stack, clean up any resources used by it and terminate the admin
-// process.
-func runPlatformUserProcess(ctx context.Context, config *UserProcessConfig) (*ProcessManager, error) {
+func runPlatformUserProcess(ctx context.Context, config *UserProcessConfig) (pm *ProcessManager, err error) {
+	// Make sure to close the process manager if returning a non-nil error.
+	defer func() {
+		if pm != nil && err != nil {
+			pm.Close()
+		}
+	}()
+
 	ipv6Prefix, err := NewIPv6Prefix()
 	if err != nil {
 		return nil, trace.Wrap(err)

diff --git a/lib/vnet/user_process_windows.go b/lib/vnet/user_process_windows.go
@@ -25,22 +25,16 @@ import (
 // runPlatformUserProcess launches a Windows service in the background that will
 // handle all networking and OS configuration. The user process exposes a gRPC
 // interface that the admin process uses to query application names and get user
-// certificates for apps.
-//
-// RunUserProcess returns a [ProcessManager] which controls the lifecycle of
-// both the user and admin processes.
-//
-// The caller is expected to call Close on the process manager to clean up any
-// resources and terminate the admin process, which will in turn stop the
-// networking stack and deconfigure the host OS.
-//
-// ctx is used to wait for setup steps that happen before RunUserProcess hands out the
-// control to the process manager. If ctx gets canceled during RunUserProcess, the process
-// manager gets closed along with its background tasks.
+// certificates for apps. It returns a [ProcessManager] which controls the
+// lifecycle of both the user and admin processes.
 func runPlatformUserProcess(ctx context.Context, config *UserProcessConfig) (pm *ProcessManager, err error) {
-	if err := config.checkAndSetDefaults(); err != nil {
-		return nil, trace.Wrap(err)
-	}
+	// Make sure to close the process manager if returning a non-nil error.
+	defer func() {
+		if pm != nil && err != nil {
+			pm.Close()
+		}
+	}()
+
 	pm, processCtx := newProcessManager()
 	pm.AddCriticalBackgroundTask("VNet Windows service", func() error {
 		return trace.Wrap(runService(processCtx), "running VNet Windows service in the background")