This patchset adds the ability for users of the seccomp user notification API
to receive the pidfd of the process which triggered the notification. It is an
optional feature that users must opt into by setting a flag when they call the
ioctl. With enhancements to other APIs, it should decrease the need for the
cookie-checking mechanism.

Sargun Dhillon (4):
  pid: Add pidfd_create_file helper
  fork: Use newly created pidfd_create_file helper
  seccomp: Add SECCOMP_USER_NOTIF_FLAG_PIDFD to get pidfd on listener trap
  selftests/seccomp: test SECCOMP_USER_NOTIF_FLAG_PIDFD

 include/linux/pid.h                           |   1 +
 include/uapi/linux/seccomp.h                  |   4 +
 kernel/fork.c                                 |   4 +-
 kernel/pid.c                                  |  22 ++++
 kernel/seccomp.c                              |  68 ++++++++++-
 tools/testing/selftests/seccomp/seccomp_bpf.c | 110 ++++++++++++++++++
 6 files changed, 200 insertions(+), 9 deletions(-)

--
2.20.1