On Wed, Mar 31, 2021 at 5:15 PM Christian Brauner <christian.brauner@xxxxxxxxxx> wrote: > > On Wed, Mar 31, 2021 at 04:05:10PM +0800, Xie Yongji wrote: > > Export receive_fd() so that some modules can use > > it to pass file descriptor between processes without > > missing any security stuffs. > > > > Signed-off-by: Xie Yongji <xieyongji@xxxxxxxxxxxxx> > > --- > > Yeah, as I said in the other mail I'd be comfortable with exposing just > this variant of the helper. Thanks, I got it now. > Maybe this should be a separate patch bundled together with Christoph's > patch to split parts of receive_fd() into a separate helper. Do we need to add the seccomp notifier into the separate helper? In our case, the file passed to the separate helper is from another process. Thanks, Yongji
