Date: Tue, 20 Nov 2018 07:21:47 +1100
From: Aleksa Sarai
To: Daniel Colascione
Cc: Dmitry Safonov <0x7f454c46@gmail.com>, Andy Lutomirski, Randy Dunlap,
    Christian Brauner, "Eric W. Biederman", open list, Serge Hallyn,
    Jann Horn, Andrew Morton, Oleg Nesterov, Al Viro, Linux FS Devel,
    Linux API, Tim Murray, Kees Cook, Jan Engelhardt, Andrei Vagin
Subject: Re: [PATCH] proc: allow killing processes via file descriptors
Message-ID: <20181119202147.ciihjtjwvuqsjkl5@yavin>
X-Mailing-List: linux-kernel@vger.kernel.org

On 2018-11-19, Daniel Colascione wrote:
> > I wonder how fast it would be holding a pid with another open()ed fd.
> > And then you need to read comm (or how you filter whom to kill).
> > It seems to me that procfs will be even slower with this safe-way.
> > But I might misunderstand the idea, excuses.
> >
> > So, I just wanted to gently remind about procfs with netlink socket[1].
>
> We discussed netlink extensively on the thread about
> /proc/pid/kill. For numerous reasons, it's not suitable for
> fundamental process management. We really need an FD-based interface
> to processes, just like we have FD-based interfaces to other resource
> types. We need something consistent and reliable, not an abuse of a
> monitoring interface.

Another significant problem with using netlink for something like this
is that (as its name suggests) it's tied to network namespaces and not pid
namespaces so you wouldn't reasonably be able to use the API inside a
container. Using an fd side-steps the problem somewhat (though this just
gave me an idea -- I will add it to the other thread).

-- 
Aleksa Sarai
Senior Software Engineer (Containers)
SUSE Linux GmbH
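
Added example, not part of the original message and not code from the patch under discussion: the "hold an open()ed fd, then read comm" step from the quoted text, showing that a /proc/<pid> directory fd stays bound to one process instance and stops resolving once that process is reaped, instead of following a recycled PID. The helper names (proc_handle, handle_comm, demo) and the fork/kill scenario are constructed for illustration; it assumes Linux with /proc mounted.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Open /proc/<pid> as a directory fd: a handle on this one process instance. */
static int proc_handle(pid_t pid)
{
    char path[32];
    snprintf(path, sizeof path, "/proc/%d", (int)pid);
    return open(path, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
}

/* Read "comm" relative to the handle. Returns its length, or -1 once the
 * process behind the handle is gone (the lookup or the read fails). */
static int handle_comm(int dirfd, char *buf, size_t len)
{
    int fd = openat(dirfd, "comm", O_RDONLY | O_CLOEXEC);
    if (fd < 0) return -1;
    ssize_t n = read(fd, buf, len - 1);
    close(fd);
    if (n <= 0) return -1;
    buf[n] = '\0';
    buf[strcspn(buf, "\n")] = '\0';
    return (int)strlen(buf);
}

/* Constructed scenario. Returns 0 when the handle resolves while the child
 * is alive and stops resolving after it is reaped. */
int demo(void)
{
    char mine[32], theirs[32];
    pid_t child = fork();
    if (child < 0) return -1;
    if (child == 0) { pause(); _exit(0); }
    int self = proc_handle(getpid()), h = proc_handle(child);
    int live = self >= 0 && h >= 0 && handle_comm(self, mine, sizeof mine) > 0 &&
               handle_comm(h, theirs, sizeof theirs) > 0 && !strcmp(mine, theirs);
    kill(child, SIGKILL);      /* safe by PID: an unreaped child's PID is not reused */
    waitpid(child, NULL, 0);   /* from here on the number may be recycled */
    int stale = handle_comm(h, theirs, sizeof theirs);
    close(self); close(h);
    return (live && stale == -1) ? 0 : 1;
}

int main(void) { return demo(); }
```

The example covers only the identity check through the fd; delivering the signal through the same fd is what the patch in the subject line proposes.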