On Sat, 14 Oct 2017 11:17:47 +0300 Konstantin Khlebnikov <khlebnikov@xxxxxxxxxxxxxx> wrote:

> >>> pid_t translate_pid(pid_t pid, int source, int target);
> >>>
> >>> This syscall converts pid from source pid-ns into pid in target pid-ns.
> >>> If pid is unreachable from target pid-ns it returns zero.
> >>>
> >>> Pid-namespaces are referred file descriptors opened to proc files
> >>> /proc/[pid]/ns/pid or /proc/[pid]/ns/pid_for_children. Negative argument
> >>> refers to current pid namespace, same as file /proc/self/ns/pid.
> >>>
> >>> Kernel expose virtual pids in /proc/[pid]/status:NSpid, but backward
> >>> translation requires scanning all tasks. Also pids could be translated
> >>> by sending them through unix socket between namespaces, this method is
> >>> slow and insecure because other side is exposed inside pid namespace.
>
> Andrew asked why we might need this.
>
> Such conversion is required for interaction between processes across pid-namespaces.
> For example to identify process in container by pid file looking from outside.
>
> Two years ago I've solved this in project of mine with monstrous code which
> forks couple times just to convert pid, lucky for me performance wasn't important.

That's a single user who needed this a single time, and found a
userspace-based solution anyway. This is not exactly compelling!

Is there a stronger case to be made? How does this change benefit our
users? Sell it to us!
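The backward translation that the quoted proposal says "requires scanning all tasks", written out as an added example (not code from this thread or from the kernel). The function names and the proc_root parameter are hypothetical; the target namespace is assumed to be identified by the link text of /proc/[pid]/ns/pid, and the pid:[...] values in the comments are constructed.

```python
import os

def nspid_chain(status_text):
    """Return the NSpid values (outermost namespace first) from a status file body."""
    for line in status_text.splitlines():
        if line.startswith("NSpid:"):
            return [int(x) for x in line.split()[1:]]
    return []  # older kernels have no NSpid field

def host_pids_for(inner_pid, target_ns, proc_root="/proc"):
    """Scan every task under proc_root and return the pids (as seen from
    proc_root's namespace) whose innermost NSpid equals inner_pid AND whose
    pid namespace link equals target_ns, e.g. 'pid:[4026532281]' (constructed)."""
    matches = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        base = os.path.join(proc_root, entry)
        try:
            # Check namespace identity first: every container has its own pid 1,
            # so matching on the number alone would pick the wrong process.
            if os.readlink(os.path.join(base, "ns", "pid")) != target_ns:
                continue
            with open(os.path.join(base, "status")) as fh:
                chain = nspid_chain(fh.read())
        except OSError:
            continue  # task exited mid-scan, or access was denied
        if chain and chain[-1] == inner_pid:
            matches.append(int(entry))
    return sorted(matches)

if __name__ == "__main__":
    # Translating our own pid within our own namespace returns it unchanged.
    own_ns = os.readlink("/proc/self/ns/pid")
    print(host_pids_for(os.getpid(), own_ns))
```

The result is a snapshot: the task can exit and its pid be reused between the scan and any later use of the number, and the scan costs one readlink and one file read per task on the system.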