On 2019-03-31, Andy Lutomirski <luto@xxxxxxxxxxxxxx> wrote: > > On Mar 31, 2019, at 3:17 PM, Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> wrote: > >> On Sun, Mar 31, 2019 at 2:10 PM Christian Brauner <christian@xxxxxxxxxx> wrote: > >> > >> I don't think that we want or can make them equivalent since that would > >> mean we depend on procfs. > > > > Sure we can. > > > > If /proc is enabled, then you always do that dance YOU ALREADY WROTE > > THE CODE FOR to do the stupid ioctl. > > > > And if /procfs isn't enabled, then you don't do that. > > > > Ta-daa. Done. No stupid ioctl, and now /proc and pidfd_open() return > > the same damn thing. > > > > And guess what? If /proc isn't enabled, then obviously pidfd_open() > > gives you the /proc-less thing, but at least there is no crazy "two > > different file descriptors for the same thing" situation, because then > > the /proc one doesn't exist. > > > > I wish we could do this, and, in a clean design, it would be a > no-brainer. But /proc has too much baggage. Just to mention two such > things, there’s “net” and “../sys”. This crud is why we have all > kinds of crazy rules that prevent programs in sandboxes from making a > new mounts and mounting /proc in it. If we make it possible to clone > a new process and this access /proc without having /proc mounted, > we’ll open up a big can of worms. > > Maybe we could have a sanitized view of /proc and make a pidfd be a > directory fd pointing at that. Eric pitched a procfs2 which would *just* be the PIDs some time ago (in an attempt to make it possible one day to mount /proc inside a container without adding a bunch of masked paths), though it was just an idea and I don't know if he ever had a patch for it. -- Aleksa Sarai Senior Software Engineer (Containers) SUSE Linux GmbH <https://www.cyphar.com/>
Attachment:
signature.asc
Description: PGP signature