On Sun, May 24, 2020 at 04:39:41PM -0700, Sargun Dhillon wrote:
> Certain files, when moved to another process have metadata changed, such
> as netprioidx, and classid. This is the default behaviour in sending
> sockets with SCM_RIGHTS over unix sockets. Depending on the usecase,
> this may or may not be desirable with the addfd ioctl. This allows
> the user to opt-in.
>
> Signed-off-by: Sargun Dhillon <sargun@xxxxxxxxx>
> Suggested-by: Tycho Andersen <tycho@xxxxxxxx>
> Cc: Matt Denton <mpdenton@xxxxxxxxxx>
> Cc: Kees Cook <keescook@xxxxxxxxxx>,
> Cc: Jann Horn <jannh@xxxxxxxxxx>,
> Cc: Robert Sesek <rsesek@xxxxxxxxxx>,
> Cc: Chris Palmer <palmer@xxxxxxxxxx>
> Cc: Christian Brauner <christian.brauner@xxxxxxxxxx>
> ---
> include/uapi/linux/seccomp.h | 8 ++++++++
> kernel/seccomp.c | 31 +++++++++++++++++++++++++++----
> 2 files changed, 35 insertions(+), 4 deletions(-)
>
> diff --git a/include/uapi/linux/seccomp.h b/include/uapi/linux/seccomp.h
> index 7d450a9e4c29..ccd1c960372a 100644
> --- a/include/uapi/linux/seccomp.h
> +++ b/include/uapi/linux/seccomp.h
> @@ -115,6 +115,14 @@ struct seccomp_notif_resp {
>
> /* valid flags for seccomp_notif_addfd */
> #define SECCOMP_ADDFD_FLAG_SETFD (1UL << 0) /* Specify remote fd */
> +/*
> + * Certain file descriptors are behave differently depending on the process
"do behave"?
> + * they are created in. Specifcally, sockets, and their interactions with the
> + * net_cls and net_prio cgroup v1 controllers. This "moves" the file descriptor
> + * so that it takes on the cgroup controller's configuration in the process
> + * that the file descriptor is being added to.
> + */
> +#define SECCOMP_ADDFD_FLAG_MOVE (1UL << 1)
I'm not happy about the name because "moving" has much more to do with
transferring ownership than what we are doing here. After a "move" the
fd shouldn't be valid anymore. But that might just be my thinking.
But why make this opt-in and not do it exactly like when you send around
fds and make this mandatory?
