diff --git a/sandboxed_api/sandbox2/fork_client.cc b/sandboxed_api/sandbox2/fork_client.cc
index 567faa8..0cb1be9 100644
--- a/sandboxed_api/sandbox2/fork_client.cc
+++ b/sandboxed_api/sandbox2/fork_client.cc
@@ -20,8 +20,6 @@ namespace sandbox2 { -const char kForkServerDisableEnv[] = "SANDBOX2_NOFORKSERVER"; - pid_t ForkClient::SendRequest(const ForkRequest& request, int exec_fd, int comms_fd, int user_ns_fd, pid_t* init_pid) { // Acquire the channel ownership for this request (transaction).
diff --git a/sandboxed_api/sandbox2/fork_client.h b/sandboxed_api/sandbox2/fork_client.h
index cdfa3de..36d8d24 100644
--- a/sandboxed_api/sandbox2/fork_client.h
+++ b/sandboxed_api/sandbox2/fork_client.h
@@ -17,34 +17,35 @@ #include -#include "absl/base/attributes.h" +#include "absl/base/thread_annotations.h" #include "absl/synchronization/mutex.h" namespace sandbox2 { // Envvar indicating that this process should not start the fork-server. -ABSL_CONST_INIT extern const char kForkServerDisableEnv[]; +constexpr inline char kForkServerDisableEnv[] = "SANDBOX2_NOFORKSERVER"; class Comms; class ForkRequest; class ForkClient { public: + explicit ForkClient(Comms* comms) : comms_(comms) {} + ForkClient(const ForkClient&) = delete; ForkClient& operator=(const ForkClient&) = delete; - explicit ForkClient(Comms* comms) : comms_(comms) {} - // Sends the fork request over the supplied Comms channel. pid_t SendRequest(const ForkRequest& request, int exec_fd, int comms_fd, int user_ns_fd = -1, pid_t* init_pid = nullptr); private: // Comms channel connecting with the ForkServer. Not owned by the object. - Comms* comms_; + Comms* comms_ ABSL_GUARDED_BY(comms_mutex_); // Mutex locking transactions (requests) over the Comms channel. absl::Mutex comms_mutex_; }; + } // namespace sandbox2 #endif // SANDBOXED_API_SANDBOX2_FORK_CLIENT_H_
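Review bot: In the `fork_client.h` hunk, `ABSL_GUARDED_BY(comms_mutex_)` on `comms_` guards the pointer variable itself, whereas the comment on `comms_mutex_` says the mutex serialises transactions over the channel, i.e. uses of the pointed-to `Comms`. As far as this hunk shows, the pointer is only written in the constructor, so `Comms* const comms_ ABSL_PT_GUARDED_BY(comms_mutex_);` would state the actual invariant (dereferences need the lock) and also rule out reassignment; confirm that nothing in `fork_client.cc` outside the visible lines reassigns it. It would also help to extend the member comment with something like `// All use of the channel must hold comms_mutex_.`, since these annotations are only checked by Clang's thread-safety analysis and expand to nothing elsewhere.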