* Tycho Andersen:

> From: Tycho Andersen <tandersen@xxxxxxxxxxx>
>
> We are using the pidfd family of syscalls with the seccomp userspace
> notifier. When some thread triggers a seccomp notification, we want to do
> some things to its context (munge fd tables via pidfd_getfd(), maybe write
> to its memory, etc.). However, threads created with ~CLONE_FILES or
> ~CLONE_VM mean that we can't use the pidfd family of syscalls for this
> purpose, since their fd table or mm are distinct from the thread group
> leader's. In this patch, we relax this restriction for pidfd_open().

Does this mean that pidfd_getfd cannot currently be used to get descriptors
for a TID if that TID doesn't happen to share its descriptor set with the
thread group leader?

I'd like to offer a userspace API which allows safe stashing of unreachable
file descriptors on a service thread.

Cc:ing Mathieu because of our previous discussions?

Thanks,
Florian
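The pidfd_open()/pidfd_getfd() pattern the message discusses, a supervisor pulling a file descriptor out of another task's fd table, as an added example that is not part of the thread and not Tycho's patch: a parent forks a child, the child opens a pipe of its own and reports the fd number, and the parent duplicates that descriptor into its own table through a pidfd. The syscall wrappers and the `steal_fd_from_task` / `demo` helpers are this example's own names; the fallback syscall numbers 434 and 438 are the architecture-independent numbers Linux assigns to pidfd_open and pidfd_getfd. Because pidfd_getfd(2) requires ptrace-attach rights over the target, the demo reports ENOSYS and EPERM as "unsupported here" rather than as a bug, which is the same failure a restricted seccomp or Yama configuration would produce.

```c
// Added example (not from the mailing-list thread): pidfd_open() + pidfd_getfd()
// used by a supervising process to fetch an fd from a child's fd table.
// Requires Linux >= 5.6 for pidfd_getfd(2).
#define _GNU_SOURCE
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Linux syscall numbers >= 424 are shared across architectures; these
 * fallbacks cover older libc headers that do not define them. */
#ifndef __NR_pidfd_open
#define __NR_pidfd_open 434
#endif
#ifndef __NR_pidfd_getfd
#define __NR_pidfd_getfd 438
#endif

static int my_pidfd_open(pid_t pid, unsigned int flags) {
    return (int)syscall(__NR_pidfd_open, pid, flags);
}

static int my_pidfd_getfd(int pidfd, int targetfd, unsigned int flags) {
    return (int)syscall(__NR_pidfd_getfd, pidfd, targetfd, flags);
}

/* Duplicate descriptor `targetfd` from task `pid` into our own fd table.
 * Returns the new fd (>= 0) or -errno. The kernel checks that we hold
 * PTRACE_MODE_ATTACH rights over the target, so an unprivileged caller can
 * only do this to tasks it could also ptrace. (Hypothetical helper name.) */
int steal_fd_from_task(pid_t pid, int targetfd) {
    int pidfd = my_pidfd_open(pid, 0);
    if (pidfd < 0) return -errno;
    int fd = my_pidfd_getfd(pidfd, targetfd, 0);
    int saved = errno;
    close(pidfd);
    return fd < 0 ? -saved : fd;
}

/* Demo: the child creates a pipe, writes a marker into it and reports the
 * read end's fd number; the parent fetches that fd via pidfd_getfd and reads
 * the marker back. Returns 1 on success, 0 when the kernel or sandbox does
 * not support/permit pidfd_getfd (ENOSYS/EPERM), -1 on any other failure. */
int demo(void) {
    int sync_pipe[2];
    if (pipe(sync_pipe) < 0) return -1;

    pid_t child = fork();
    if (child < 0) return -1;
    if (child == 0) {
        int data[2];
        if (pipe(data) < 0) _exit(1);
        const char msg[] = "marker";              /* constructed sample payload */
        if (write(data[1], msg, sizeof msg) != (ssize_t)sizeof msg) _exit(1);
        /* tell the parent which fd number in *our* table holds the read end */
        if (write(sync_pipe[1], &data[0], sizeof data[0]) != (ssize_t)sizeof data[0]) _exit(1);
        for (;;) pause();   /* keep our fd table alive until the parent is done */
    }

    close(sync_pipe[1]);
    int target_fd = -1;
    ssize_t n = read(sync_pipe[0], &target_fd, sizeof target_fd);
    close(sync_pipe[0]);

    int result = -1;
    if (n == (ssize_t)sizeof target_fd) {
        int fd = steal_fd_from_task(child, target_fd);
        if (fd == -ENOSYS || fd == -EPERM) {
            result = 0;                            /* not available in this environment */
        } else if (fd >= 0) {
            char buf[16] = {0};
            ssize_t got = read(fd, buf, sizeof buf - 1);
            result = (got > 0 && strcmp(buf, "marker") == 0) ? 1 : -1;
            close(fd);
        }
    }
    kill(child, SIGKILL);
    waitpid(child, NULL, 0);
    return result;
}

int main(void) {
    int r = demo();
    printf("pidfd_getfd demo: %s\n",
           r == 1 ? "fetched the child's fd" :
           r == 0 ? "unsupported or not permitted here" : "failed");
    return r < 0;
}
```

The check that matters for the thread's question is inside the kernel, not in this code: pidfd_getfd() resolves `targetfd` in the fd table the pidfd's task currently uses, so a target created with ~CLONE_FILES would expose its own table rather than the leader's, which is exactly why the patch wants pidfd_open() to accept non-leader TIDs.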