On Tue, Mar 26, 2019 at 09:42:59AM -0700, Andy Lutomirski wrote: > On Tue, Mar 26, 2019 at 9:34 AM Christian Brauner <christian@xxxxxxxxxx> wrote: > > > > On Tue, Mar 26, 2019 at 05:31:42PM +0100, Christian Brauner wrote: > > > On Tue, Mar 26, 2019 at 05:23:37PM +0100, Christian Brauner wrote: > > > > On Tue, Mar 26, 2019 at 09:17:07AM -0700, Daniel Colascione wrote: > > > > > Thanks for the patch. > > > > > > > > > > On Tue, Mar 26, 2019 at 8:55 AM Christian Brauner <christian@xxxxxxxxxx> wrote: > > > > > > > > > > > > The pidctl() syscalls builds on, extends, and improves translate_pid() [4]. > > > > > > I quote Konstantins original patchset first that has already been acked and > > > > > > picked up by Eric before and whose functionality is preserved in this > > > > > > syscall: > > > > > > > > > > We still haven't had a much-needed conversation about splitting this > > > > > system call into smaller logical operations. It's important that we > > > > > address this point before this patch is merged and becomes permanent > > > > > kernel ABI. > > > > > > > > I don't particularly mind splitting this into an additional syscall like > > > > e.g. pidfd_open() but then we have - and yes, I know you'll say > > > > syscalls are cheap - translate_pid(), and pidfd_open(). What I like > > > > about this rn is that it connects both apis in a single syscall > > > > and allows pidfd retrieval across pid namespaces. So I guess we'll see > > > > what other people think. > > > > > > There's something to be said for > > > > > > pidfd_open(pid_t pid, int pidfd, unsigned int flags); > > > > > > /* get pidfd */ > > > int pidfd = pidfd_open(1234, -1, 0); > > > > > > /* convert to procfd */ > > > int procfd = pidfd_open(-1, 4, 0); > > > > > > /* convert to pidfd */ > > > int pidfd = pidfd_open(4, -1, 0); > > > > probably rather: > > > > int pidfd = pidfd_open(-1, 4, PIDFD_TO_PROCFD); > > Do you mean: > > int procrootfd = open("/proc", O_DIRECTORY | O_RDONLY); > int procfd = pidfd_open(procrootfd, pidfd, PIDFD_TO_PROCFD); > > or do you have some other solution in mind to avoid the security problem? Yes, we need the proc root obviously. I just jotted this down. We probably would need where one of the fds can refer to the proc root. pidfd_open(pid_t, int fd, int fd, 0)