Thanks, Xander.
On closer inspection and some testing on a Linux system, there is a possible race condition where a process can actually have a /proc entry that is a fraction of a second newer than a file created by that very process. That's why the commands I gave you for testing didn't function as expected.
# bash -c 'echo $$ > pidfile; ls -ldt --full-time pidfile /proc/$$'
dr-xr-xr-x 9 root root 0 2024-03-07 03:31:15.961650417 +0000 /proc/742781
-rw-r--r-- 1 root root 7 2024-03-07 03:31:15.953650428 +0000 pidfile
On the surface of it this would look like a bug, wherein my modified watchdog could potentially see a factually valid pidfile that matched the actual running instance of the watchdog that generated the pidfile—but the new watchdog would disregard the pidfile because it's older than the running process, according to /proc. This would be a problem.
However, when I added a run of 'ps -p $$' in my test command ahead of the pidfile creation, I was unable to trigger the race condition and the timestamps are much further apart than the discrepancy shown above. (I tried many times; the sequence of events seems completely reliable and the time interval much more consistent.)
# bash -c 'ps -p $$; echo $$ > pidfile; ls -ldt --full-time pidfile /proc/$$'
PID TTY TIME CMD
750818 pts/1 00:00:00 bash
-rw-r--r-- 1 root root 7 2024-03-07 03:36:57.569061554 +0000 pidfile
dr-xr-xr-x 9 root root 0 2024-03-07 03:36:57.537061615 +0000 /proc/750818
I speculate that the /proc entry has to be created before the ps command can run successfully, so the kernel will do that before continuing, whereas in the earlier command the pidfile can go ahead and get created when the kernel hasn't yet bothered with the /proc update. In the watchdog code, there is a run of ps -p on the pidfile contents before pidfile creation, so I think it is likely impossible for this race condition to be hit with the script as written. (I can't prove it definitively.)
In any case—could you please try the following modified test command? Just the one test case, since this is the only "interesting" code path left untested.
bash -c 'ps -p $$; echo $$ > /var/cfengine/watchdog_changed.pid; /opt/freeware/bin/sleep infinity' &
/var/cfengine/bin/watchdog_changed
Expected output from the second part: