On Sun, Mar 31, 2019 at 03:16:47PM -0700, Linus Torvalds wrote: > On Sun, Mar 31, 2019 at 3:03 PM Christian Brauner <christian@xxxxxxxxxx> wrote: > > > > Thanks for the input. The problem Jann and I saw with this is that it > > would be awkward to have the kernel open a file in some procfs instance, > > since then userspace would have to specify which procfs instance the fd > > should come from. > > I would actually suggest we just make the rules be that the > pidfd_open() always return the internal /proc entry regardless of any > mount-point (or any "hidepid") but also suggest that exactly *because* > it gives you visibility into the target pid, you'd basically require > the strictest kind of control of the process you're trying to get the > pidfd of. > > Ie likely something along the lines of > > ptrace_may_access(task, PTRACE_MODE_ATTACH_REALCREDS) I can live with that but I would like to hear what Jann thinks too if that's ok. Christian