> int execve_parent(int parent_pidfd, int root_dirfd, int cgroup_fd, int > namespace_fd, const char *pathname, char *const argv[], char *const > envp[]); A variant on the same scheme would be: int execve_remote(int pidfd, int root_dirfd, int cgroup_fd, int namespace_fd, const char *pathname, char *const argv[], char *const envp[]); Unpriv'd process calls fork(), and from that fork sends its pidfd through a unix socket to systemd-sudod, which then calls execve_remote on that pidfd. There are a lot of (potentially very bad) ways to skin this cat.
