On Thu, Nov 30, 2023 at 08:43:18PM +0100, Florian Weimer wrote:
> * Mathieu Desnoyers:
>
> >>> I'd like to offer a userspace API which allows safe stashing of
> >>> unreachable file descriptors on a service thread.
>
> >> By "safe" here do you mean not accessible via pidfd_getfd()?
>
> No, unreachable by close/close_range/dup2/dup3. I expect we can do an
> intra-process transfer using /proc, but I'm hoping for something nicer.

It occurred to me that we could get the seccomp() protected-memory
functionality almost all the way via some combination of
memfd_create(MFD_ALLOW_SEALING), fcntl(F_SEAL_WRITE|F_SEAL_SEAL), and
mmap(PROT_NONE). Some other thread could come along and unmap/remap,
but perhaps with some kind of F_SEAL_NOUNMAP married to one of these
special files we could both get what we want?

I submitted a talk to FOSDEM just for grins, if anyone is planning to
attend that.

Tycho
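
The combination named in the message above, as an added example that is not part of the original mail or of any kernel or glibc code: it seals a memfd, parks it behind a PROT_NONE mapping, and reports which protections hold and which gap remains. The function name, the result flags, the sample secret and the use of MAP_PRIVATE are assumptions of this example; seals are applied with fcntl(F_ADD_SEALS).

```c
#define _GNU_SOURCE            /* F_ADD_SEALS, F_SEAL_*, MFD_ALLOW_SEALING */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Fallbacks (Linux UAPI values) in case the libc headers hide them. */
#ifndef F_ADD_SEALS
#define F_ADD_SEALS 1033
#define F_SEAL_SEAL 0x0001
#define F_SEAL_GROW 0x0004
#define F_SEAL_WRITE 0x0008
#endif
#ifndef MFD_ALLOW_SEALING
#define MFD_ALLOW_SEALING 0x0002U
#endif

/* Hypothetical result flags: one bit per property observed. */
enum { WRITE_DENIED = 1, RESEAL_DENIED = 2, SHARED_RW_DENIED = 4, UNMAP_ALLOWED = 8 };

int sealed_stash_check(void)   /* returns a flag mask, or -1 on setup failure */
{
    static const char secret[] = "constructed sample secret";
    int r = 0;
    int fd = (int)syscall(SYS_memfd_create, "stash", MFD_ALLOW_SEALING);
    if (fd < 0 || write(fd, secret, sizeof secret) != (ssize_t)sizeof secret)
        return -1;
    if (fcntl(fd, F_ADD_SEALS, F_SEAL_WRITE | F_SEAL_SEAL) < 0)
        return -1;
    /* Contents are now immutable through the fd ... */
    if (write(fd, "x", 1) < 0 && errno == EPERM) r |= WRITE_DENIED;
    /* ... and F_SEAL_SEAL freezes the seal set itself. */
    if (fcntl(fd, F_ADD_SEALS, F_SEAL_GROW) < 0 && errno == EPERM) r |= RESEAL_DENIED;
    /* A writable shared mapping is refused as well. */
    if (mmap(NULL, 4096, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0) == MAP_FAILED
        && errno == EPERM)
        r |= SHARED_RW_DENIED;
    /* Park the pages behind an inaccessible mapping (MAP_PRIVATE is this example's choice). */
    void *p = mmap(NULL, 4096, PROT_NONE, MAP_PRIVATE, fd, 0);
    if (p == MAP_FAILED) return -1;
    /* The gap from the message: no seal covers the mapping, so it can be unmapped or remapped. */
    if (munmap(p, 4096) == 0) r |= UNMAP_ALLOWED;
    close(fd);
    return r;
}

int main(void) { printf("properties held: 0x%x\n", sealed_stash_check()); return 0; }
```

The UNMAP_ALLOWED bit is the part that existing seals do not address, which is what the F_SEAL_NOUNMAP idea in the message would have to cover.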