> On Nov 18, 2018, at 12:44 PM, Daniel Colascione <dancol@xxxxxxxxxx> wrote:
>
> That is, I'm proposing an API that looks like this:
>
> int process_kill(int procfs_dfd, int signo, const union sigval value)
>
> If, later, process_kill were to *also* accept process-capability FDs,
> nothing would break.

Except that this makes it ambiguous to the caller as to whether their current creds are considered. So it would need to be a different syscall or at least a flag. Otherwise a lot of those nice theoretical properties go away.

> Yes, that's what I have in mind. A siginfo_t is small enough that we
> could just store it as a blob allocated off the procfs inode or
> something like that without bothering with a shmfs file. You'd be able
> to read(2) the exit status as many times as you wanted.

I think that, if the syscall in question is read(2), then it should work *once* per struct file. Otherwise running cat on the file would behave very oddly.

Read and poll have the same problem as write: we can’t check caps in read or poll either.