< Back to all hacks

#33 setsid Gateway Detach

Debloat
Problem
Gateway is child of Termux bash. Killing Dalvik VM kills the gateway too (cgroup cascade).
Solution
Launch with /system/bin/setsid — new session, no controlling terminal, survives Dalvik kill.
Lesson
setsid > nohup. nohup only handles SIGHUP. setsid creates entirely new session.

Context

On Android, every app runs inside a cgroup managed by ActivityManager. Termux and all its child processes (bash, sshd, Node.js) belong to the same cgroup. When Android decides to kill Termux's Dalvik VM (due to memory pressure or am force-stop), it sends SIGKILL to the entire cgroup — killing every child process, including the gateway.

The common Unix approach to detach a process is nohup, but nohup only ignores SIGHUP (the signal sent when a terminal closes). It does NOT protect against cgroup kills or SIGKILL. The gateway needs to be in its own session, completely detached from Termux's process tree.

Implementation

Use /system/bin/setsid (Android's busybox setsid) to create a new session. The process becomes a session leader with no controlling terminal:

# In ~/.termux/boot/start-pocketclaw.sh or manual launch:
/system/bin/setsid start-openclaw > "$PREFIX/tmp/openclaw-gateway.log" 2>&1 &

The full boot script context:

#!/data/data/com.termux/files/usr/bin/bash
# start-pocketclaw.sh

# Acquire wake lock first
termux-wake-lock
sleep 15  # Wait for WiFi

# Start sshd (stays in Termux cgroup — acceptable, will restart via boot)
sshd

# Start gateway DETACHED from Termux cgroup
/system/bin/setsid start-openclaw > "$PREFIX/tmp/openclaw-gateway.log" 2>&1 &

# Start cron daemon
crond

Verification

# Check that the gateway is in its own session:
ps -o pid,sid,pgid,comm -p $(pgrep -f openclaw-gateway)
# Expected: SID (session ID) differs from Termux's bash SID

# Check the gateway is not a child of Termux bash:
pstree -p $(pgrep -f openclaw-gateway)
# Expected: standalone process, not under bash

# Test: killing Termux Dalvik should NOT kill the gateway
# (Do this carefully — it will kill your SSH session too)

Gotchas

  • Use /system/bin/setsid (Android's), not Termux's setsid if available — ensures the binary works in the Android process model
  • The gateway's stdout/stderr must be redirected to a file since there's no controlling terminal
  • After setsid, the process can't be easily brought back to the foreground. Use logs and kill for management
  • pkill -f openclaw from an SSH session can also kill sshd children if the pattern matches too broadly. Always use specific PIDs

Result

MetricBeforeAfter
Survives Dalvik killNoYes
Process isolationTermux cgroupOwn session
Signal vulnerabilitySIGHUP, SIGKILL (cgroup)Only direct SIGKILL
< #32 ESM Stubs at HOST Path
#34 Dirty COW Root (CVE-2016-5195) >