Proposal for __OwningControllerTimeout option
TL;DR - Can we add !__OwningControllerTimeout option that will cause the Tor OP to exit if it doesn't receive a TAKEOWNERSHIP in the specified time interval?
legacy/trac#3049 (moved) added TAKEOWNERSHIP and !__OwningControllerProcess to handle situations where a parent wants to spawn the Tor OP as a child and connect their life spans.
The problem is that !__OwningControllerProcess is very platform specific. It assumes that the Tor OP can see the parent PID and detect if it goes away. But this works differently on every platform and every new version of every platform. Then one gets to do fun things like add it to Android. It's a recipe for a lot of testing and compatibility issues.
!__OwningControllerProcess also doesn't handle situations where the parent might itself become a zombie so its PID is still there but it's not really running.
A potentially simpler solution that doesn't have cross platform issues is to introduce the !__OwningControllerTimeout option. This would specify that if the Tor OP doesn't receive a TAKEOWNERSHIP command within a certain time period then the Tor OP should exit automatically.
There is still a potential race condition here if the parent somehow gets blocked but this is easily detectable and recoverable by the parent.
For bonus points we could also add keep alives to TAKEOWNERSHIP in case the parent becomes a zombie but this is probably getting a big excessive.