From: Red Bear OS
Date: 2026-04-28
Subject: daemon: handle missing INIT_NOTIFY gracefully instead of panicking

The Daemon::new() and Daemon::ready() functions in the daemon library
called unwrap() on the INIT_NOTIFY environment variable and the ready
pipe write, causing a hard panic when a daemon is started outside the
init system's notification pipe mechanism.

Replace unwrap() with graceful error handling:
- get_fd() returns -1 if the env var is missing or invalid, logging
  a warning via eprintln
- ready() logs a warning on write failure instead of panicking

diff --git a/daemon/src/lib.rs b/daemon/src/lib.rs
index 9f507221..a0ba9d88 100644
--- a/daemon/src/lib.rs
+++ b/daemon/src/lib.rs
@@ -11,12 +11,23 @@ use redox_scheme::Socket;
 use redox_scheme::scheme::{SchemeAsync, SchemeSync};
 
 unsafe fn get_fd(var: &str) -> RawFd {
-    let fd: RawFd = std::env::var(var).unwrap().parse().unwrap();
+    let fd: RawFd = match std::env::var(var)
+        .map_err(|e| eprintln!("daemon: env var {var} not set: {e}"))
+        .ok()
+        .and_then(|val| {
+            val.parse()
+                .map_err(|e| eprintln!("daemon: failed to parse {var} as fd: {e}"))
+                .ok()
+        }) {
+        Some(fd) => fd,
+        None => return -1,
+    };
     if unsafe { libc::fcntl(fd, libc::F_SETFD, libc::FD_CLOEXEC) } == -1 {
-        panic!(
+        eprintln!(
             "daemon: failed to set CLOEXEC flag for {var} fd: {}",
             io::Error::last_os_error()
         );
+        return -1;
     }
     fd
 }
@@ -50,8 +61,10 @@ impl Daemon {
 
     /// Notify the process that the daemon is ready to accept requests.
     pub fn ready(mut self) {
-        self.write_pipe.write_all(&[0]).unwrap();
+        if let Err(err) = self.write_pipe.write_all(&[0]) {
+            eprintln!("daemon::ready write failed: {err}");
+        }
     }
 
     /// Executes `Command` as a child process.