On Fri, Jan 24, 2020 at 10:03 AM Tycho Andersen <tycho@xxxxxxxx> wrote: > > On Fri, Jan 24, 2020 at 01:17:42AM -0800, Sargun Dhillon wrote: > > Currently, this just opens the group leader of the thread that triggere > > the event, as pidfds (currently) are limited to group leaders. > > I don't love the semantics of this; when they're not limited to thread > group leaders any more, we won't be able to change this. Is that work > far off? > > Tycho We would be able to change this in the future if we introduced a flag like SECCOMP_USER_NOTIF_FLAG_PIDFD_THREAD which would send a pidfd that's for the thread, and not just the group leader. The flag could either be XOR with SECCOMP_USER_NOTIF_FLAG_PIDFD, or could require both. Alternatively, we can rename SECCOMP_USER_NOTIF_FLAG_PIDFD to SECCOMP_USER_NOTIF_FLAG_GROUP_LEADER_PIDFD.
