On 17.04.19 14:54, Christian Brauner wrote:

>> Ah, that is a cool thing!
>> I suppose that also works across namespaces?
>
> Yes, it should. If you hand off the pidfd to another pidns (e.g. via SCM
> credentials) for example.

I thought about things like sending the pidfd via unix socket. It would
be really cool if the receiving process could then control the referred
process (e.g. send signals), even if it's in a different pidns.

>> What other things can be done via pidfd?
>
> Very basic things right now and until CLONE_PIDFD is accepted (possibly
> for 5.2) we won't enable any more features.
> I'm not a fan of wild speculations and grand schemes that then don't
> come to fruition. :) Right now it's about focussing on somewhat cleanly
> covering the basics. Coming to a consensus there was hard enough. We
> have no intention in making this more complex right now as it needs to
> be.

IMHO, it would be good if it would support all operations that now can
be done via numerical PID, and w/ the permissions of the process who
created that pidfd. Certainly, that would also need some lockdown
mechanism, so the creating process can define what the holder of the fd
can actually do.

--mtx

-- 
Enrico Weigelt, metux IT consult
Free software and Linux embedded engineering
info@xxxxxxxxx -- +49-151-27565287
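
The handoff discussed in this thread, as an added example that is not part of the original mail or of the kernel patches: a pidfd is passed over a unix socket as SCM_RIGHTS ancillary data, and the receiver signals the target with pidfd_send_signal(2) without ever learning its numeric PID. It assumes Linux 5.3 or later headers and kernel (pidfd_open(2) is used to obtain the fd), keeps both processes in one pidns, and the names xfer_fd and pidfd_handoff_demo are illustrative.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <signal.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
/* SCM_RIGHTS transfer. fd >= 0: send it. fd < 0: receive, return new fd or -1. */
static int xfer_fd(int sock, int fd) {
    char byte = 0;
    union { char buf[CMSG_SPACE(sizeof(int))]; struct cmsghdr align; } u = {{0}};
    struct iovec iov = { &byte, 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = u.buf, .msg_controllen = sizeof(u.buf) };
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    if (fd >= 0) {
        c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS;
        c->cmsg_len = CMSG_LEN(sizeof(int));
        memcpy(CMSG_DATA(c), &fd, sizeof(int));
        return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
    }
    if (recvmsg(sock, &msg, 0) != 1) return -1;      /* EOF or error */
    c = CMSG_FIRSTHDR(&msg);
    if (!c || c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS) return -1;
    memcpy(&fd, CMSG_DATA(c), sizeof(int));
    return fd;
}

/* Returns the signal that ended the target (SIGTERM expected) or -errno. */
int pidfd_handoff_demo(void) {
    int sv[2], status = 0, hst = 0, err = 0;
    pid_t holder, target;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0 || (holder = fork()) < 0) return -errno;
    if (holder == 0) {          /* forked first: never learns the numeric PID */
        close(sv[0]);
        int fd = xfer_fd(sv[1], -1);
        _exit(fd < 0 || syscall(SYS_pidfd_send_signal, fd, SIGTERM, NULL, 0));
    }
    target = fork();            /* the process to be controlled via the pidfd */
    if (target == 0) { close(sv[0]); close(sv[1]); signal(SIGTERM, SIG_DFL); pause(); _exit(0); }
    int pidfd = target < 0 ? -1 : (int)syscall(SYS_pidfd_open, target, 0);
    if (pidfd < 0 || xfer_fd(sv[0], pidfd) < 0) err = errno ? errno : EIO;
    close(sv[0]); close(sv[1]); if (pidfd >= 0) close(pidfd);  /* EOF unblocks holder */
    waitpid(holder, &hst, 0);
    if ((err || hst) && target > 0) kill(target, SIGKILL);     /* failure cleanup */
    waitpid(target, &status, 0);
    return err ? -err : (WIFSIGNALED(status) ? WTERMSIG(status) : -1);
}
int main(void) { return pidfd_handoff_demo() == SIGTERM ? 0 : 1; }
```

The received descriptor carries the full signalling ability of a same-UID kill(2); nothing in this API lets the sender restrict which signals the holder may deliver, which is the lockdown gap raised in the mail.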