Problem
When IsolatedPinset is dropped, Rust drops fields in declaration order. The TempDir field's drop deletes the staging directory. If any in-progress open_ipfs calls are still reading from that staging directory (the guest has an open fd), those reads could fail or see deleted files.
Additionally, the spawned background unpin tasks from Drop could race with TempDir deletion if staging cleanup is added (see #266).
Fix
Use Arc<TempDir> or convert via TempDir::into_path() with an Arc<PathBuf> so the staging dir survives until all references are dropped. Alternatively, ensure all guest fds are closed before the IsolatedPinset drops (process exit ordering).
Context
Found by adversarial review on #263. Low severity in practice since IsolatedPinset drops at process exit when all guest fds are already closed.
Problem
When
IsolatedPinsetis dropped, Rust drops fields in declaration order. TheTempDirfield's drop deletes the staging directory. If any in-progressopen_ipfscalls are still reading from that staging directory (the guest has an open fd), those reads could fail or see deleted files.Additionally, the spawned background unpin tasks from
Dropcould race with TempDir deletion if staging cleanup is added (see #266).Fix
Use
Arc<TempDir>or convert viaTempDir::into_path()with anArc<PathBuf>so the staging dir survives until all references are dropped. Alternatively, ensure all guest fds are closed before theIsolatedPinsetdrops (process exit ordering).Context
Found by adversarial review on #263. Low severity in practice since IsolatedPinset drops at process exit when all guest fds are already closed.