On 2019-04-15, Enrico Weigelt, metux IT consult <lkml@xxxxxxxxx> wrote:
> > This patchset makes it possible to retrieve pid file descriptors at
> > process creation time by introducing the new flag CLONE_PIDFD to the
> > clone() system call as previously discussed.
>
> Sorry for hijacking this thread, but I'm curious on what things to
> consider when introducing new CLONE_* flags.
>
> The reason I'm asking is:
>
> I'm working on implementing plan9-like fs namespaces, where unprivileged
> processes can change their own namespace at will. For that, certain
> traditional unix'ish things have to be disabled, most notably suid.
> As forbidding suid can be helpful in other scenarios, too, I thought
> about making this its own feature. Doing that switch on clone() seems
> a nice place for that, IMHO.

Just spit-balling -- is no_new_privs not sufficient for this use case?
Not granting privileges such as setuid during execve(2) is the main point
of that flag.

-- 
Aleksa Sarai
Senior Software Engineer (Containers)
SUSE Linux GmbH
<https://www.cyphar.com/>
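The no_new_privs attribute Aleksa points to is set per process with prctl(2), is a one-way switch, is inherited across fork(2) and clone(2), and survives execve(2), which is why it can stand in for a "forbid suid" feature without a new CLONE_* flag. The following program is an added illustration and not code from the thread or from the pidfd patchset: it sets the attribute, reads it back, and confirms that a forked child observes it too. The helper names (nnp_get, nnp_set, nnp_state_in_child, nnp_demo) are this example's own. It is Linux-specific and needs no privileges to run.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/wait.h>
#include <unistd.h>

/* Read the calling process's no_new_privs attribute.
 * Returns 1 if set, 0 if not, -1 on error (errno set by prctl). */
int nnp_get(void)
{
    return prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0);
}

/* Set no_new_privs on the calling process. Once set it cannot be cleared,
 * and from then on execve(2) will not grant privileges from setuid/setgid
 * bits or file capabilities. Returns 0 on success, -1 on failure. */
int nnp_set(void)
{
    return prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);
}

/* Fork and report the attribute as seen by the child, to show that the
 * flag is inherited rather than re-evaluated per process.
 * Returns the child's observed state (0 or 1) or -1 on error. */
int nnp_state_in_child(void)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0)
        _exit(nnp_get() == 1 ? 1 : 0);   /* child: report via exit status */

    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

/* Run the sequence set -> read back -> check in child.
 * Returns 0 when every step matches expectations, a negative code otherwise.
 * Note: the attribute may already be set by a parent (e.g. a sandbox),
 * so the initial state is not asserted to be 0. */
int nnp_demo(void)
{
    if (nnp_set() != 0)
        return -1;               /* prctl itself failed */
    if (nnp_get() != 1)
        return -2;               /* attribute did not stick */
    if (nnp_state_in_child() != 1)
        return -3;               /* child did not inherit it */
    return 0;
}

int main(void)
{
    int before = nnp_get();      /* may be 0 or 1 depending on the parent */
    int rc = nnp_demo();
    printf("no_new_privs before: %d, after set: %d, in child: %d, demo rc: %d\n",
           before, nnp_get(), nnp_state_in_child(), rc);
    return rc == 0 ? 0 : 1;
}
```

Because the attribute is sticky and inherited, a parent that sets it before fork()/exec() of an untrusted child gets exactly the "disable suid for this subtree" behaviour described in the quoted message; the kernel's own documentation of the flag (Documentation/userspace-api/no_new_privs.rst) describes the same semantics.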