On Fri, Jun 22, 2018 at 01:34:18AM +0200, Jann Horn wrote:
> On Fri, Jun 22, 2018 at 12:05 AM Tycho Andersen <tycho@xxxxxxxx> wrote:
> >
> > The idea here is that the userspace handler should be able to pass an fd
> > back to the trapped task, for example so it can be returned from socket().
> [...]
> > +Userspace can also return file descriptors. For example, one may decide to
> > +intercept ``socket()`` syscalls, and return some file descriptor from those
> > +based on some policy. To return a file descriptor, the ``return_fd`` member
> > +should be non-zero, the ``fd`` argument should be the fd in the listener's
> > +table to send to the tracee (similar to how ``SCM_RIGHTS`` works), and
> > +``fd_flags`` should be the flags that the fd in the tracee's table is opened
> > +with (e.g. ``O_EXCL`` or similar).
>
> fd_flags only contains file descriptor flags (meaning only O_CLOEXEC).
> O_EXCL is a file creation flag, so setting it here wouldn't make sense.
> Setting file status flags like O_APPEND does make sense, but those are
> stored in the `struct file` and don't need to be passed separately;
> the caller can e.g. set them via fcntl(fd, F_SETFD, flags) or on
> open().
> (The fcntl.2 manpage explains these.)

Ugh, yes, O_CLOEXEC is what I meant. Thanks, I'll clarify.

Tycho
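
Review bot: In the last sentence of the added documentation paragraph, the example given for ``fd_flags`` is ``O_EXCL``, which is a file creation flag and has no meaning for a descriptor being installed in the tracee's table; the only descriptor flag is ``O_CLOEXEC``. Suggest changing "(e.g. ``O_EXCL`` or similar)" to name ``O_CLOEXEC`` and stating what happens when any other bit is set in ``fd_flags``. The same paragraph says ``return_fd`` should be non-zero without saying whether ``fd`` and ``fd_flags`` are ignored when it is zero, and "similar to how ``SCM_RIGHTS`` works" leaves open whether the listener keeps its own descriptor afterwards; a sentence on each would help.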
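
The distinction drawn in the reply above, between descriptor flags (per entry in an fd table) and file status flags (stored in the shared `struct file`), can be observed from userspace with two descriptors that refer to the same open file. This is an added example, not code from the patch or from either participant; `probe_flags`, `struct flag_view` and the use of `/dev/null` as the scratch file are assumptions made for the illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Hypothetical result record: what each descriptor reports afterwards. */
struct flag_view {
    int orig_has_cloexec;  /* FD_CLOEXEC on the descriptor we modified */
    int dup_has_cloexec;   /* FD_CLOEXEC on the duplicate */
    int dup_has_append;    /* O_APPEND as seen through the duplicate */
};

/* Returns 0 on success, -1 on any syscall failure. */
int probe_flags(struct flag_view *out)
{
    int fd = open("/dev/null", O_WRONLY);  /* assumed scratch target */
    if (fd < 0)
        return -1;
    int copy = dup(fd);  /* new fd table entry, same struct file */
    if (copy < 0) {
        close(fd);
        return -1;
    }

    int fl = fcntl(fd, F_GETFL);
    /* Descriptor flag: F_SETFD changes only this fd table entry. */
    /* Status flag: F_SETFL changes the shared open file description. */
    if (fl < 0 || fcntl(fd, F_SETFD, FD_CLOEXEC) < 0 ||
        fcntl(fd, F_SETFL, fl | O_APPEND) < 0) {
        close(copy);
        close(fd);
        return -1;
    }

    out->orig_has_cloexec = (fcntl(fd, F_GETFD) & FD_CLOEXEC) != 0;
    out->dup_has_cloexec  = (fcntl(copy, F_GETFD) & FD_CLOEXEC) != 0;
    out->dup_has_append   = (fcntl(copy, F_GETFL) & O_APPEND) != 0;
    close(copy);
    close(fd);
    return 0;
}

int main(void)
{
    struct flag_view v;
    if (probe_flags(&v) != 0) {
        perror("probe_flags");
        return 1;
    }
    printf("orig cloexec=%d dup cloexec=%d dup append=%d\n",
           v.orig_has_cloexec, v.dup_has_cloexec, v.dup_has_append);
    return 0;
}
```

The duplicate inherits `O_APPEND` but not the close-on-exec bit, which is why a descriptor placed in another task's table needs its close-on-exec state chosen explicitly while status flags travel with the file.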