In particular, since most of the shim can end up being executed in the context of a signal handler, it ought to be async signal safe. This limits the parts of libc that it can safely use quite a bit (signal-safety(7)

Rust has no concept of signal safety at all. At a minimum we probably need to avoid std completely to ensure nothing is trying to use a global allocator.

Native thread locals can also be problematic. It currently only creates problems in our clone unit tests, though we've had problems with older versions of glibc as well. We have a custom thread-local-storage (shim_tls) to alleviate this, but it's difficult to be sure that dependencies aren't using native thread local storage.