Received: by 2002:ac0:950c:0:0:0:0:0 with SMTP id f12csp2697964imc;
        Tue, 12 Mar 2019 22:02:44 -0700 (PDT)
X-Google-Smtp-Source: APXvYqyX43GegtkAPdO2qNGAu/e6sdTICcWdQKRj+3aNzwi/OouSaJSl1QbGq5RkXpOaChUZQD2o
X-Received: by 2002:a17:902:728f:: with SMTP id d15mr43883528pll.156.1552453364621;
        Tue, 12 Mar 2019 22:02:44 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1552453364; cv=none;
        d=google.com; s=arc-20160816;
        b=whMzCHUU7tgSRoA8E413oi/YMmaTnhxDiuMrdUuiAFS5FvuIlQH549Jug0mYw9Tv8M
         gr2v67Zi/DvR32LoZ31o/gT8EkhnY+x36FMcZ6D1HYg+1cJyDFhEr5TOGA1kcR9TmxZZ
         H9uClS/eA42Q3v5jYrV9NIaNtHS25HWTCrL77ypfFuP7Ptm/S0UP0KVIXawJcVlTuFEZ
         un8x0sSoLyMdXyLX4wgGxUhrMZLEXoX/9CzMk0oeMIq9CA+dcHWndaPTc7oc6/XjHmV7
         YCiGjtesQfyn0UypuSis6Q6VjhIZOh23ad/4yPGcIoBRnrLyHwXEuH24sNfCRqhAZ8Gm
         I7Hw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding
         :content-language:mime-version:user-agent:date:message-id:subject
         :from:cc:in-reply-to:to:dkim-signature;
        bh=BSiY41WUZOTJX6QSlHgyNV/xoUIDQJyY1QmOU7z+YQ0=;
        b=y3qBIFt00eCirevPhULbqTSEjgnP7Mhdq2ERAqxP+L+tb5Yx+TxcbMdVJXx+nkX2tm
         abBHmKCghdcJcXuGN0daRzMGsApEHEiSfDrxQShUTNypEsnpuXCrP2j51AzcS/s4dxwr
         tEMu70NcJOAoe9A9xwXWVc0SOx75lZoS/B9C98cyfN76sUPd5z79qAalspOrhbeRCvAd
         K0plcQBjxdf44Vq60ffHY/nNp58NbwN8ipBSzD83kWUfQcp53RXrJJ2/AYTuwrGkYG84
         zJmL3XauNbwL/AM36TBgm2qBOW44YY3CYkXQgC5vpi8rYCuz1RG9aZ97RIBaxJg/Y5wi
         GOvA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=vQwipTpP;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id h22si8972189pgv.533.2019.03.12.22.02.27;
        Tue, 12 Mar 2019 22:02:44 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=vQwipTpP;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726623AbfCMFAw (ORCPT <rfc822;michael.k.kehoe@gmail.com>
        + 99 others); Wed, 13 Mar 2019 01:00:52 -0400
Received: from mail-pf1-f169.google.com ([209.85.210.169]:35819 "EHLO
        mail-pf1-f169.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1725821AbfCMFAw (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 13 Mar 2019 01:00:52 -0400
Received: by mail-pf1-f169.google.com with SMTP id j5so521725pfa.2
        for <linux-kernel@vger.kernel.org>; Tue, 12 Mar 2019 22:00:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=to:in-reply-to:cc:from:subject:message-id:date:user-agent
         :mime-version:content-language:content-transfer-encoding;
        bh=BSiY41WUZOTJX6QSlHgyNV/xoUIDQJyY1QmOU7z+YQ0=;
        b=vQwipTpPuSmZ+uQerM950KEkfxBNYEIk3x1OXb0O4xCw9RSNf9QBAlUGX2dcxoXcAe
         Avkq0M/kS3txNs2J8Ahc/JsUS/wbuydxNHEOSGV8Ja/mM0iN5gVI772NKRuLrZYxRJVi
         ay+OSFJdigWpCxXijIsB3YoEvSUB71zE8tfTji+mpwnqihMOYcPNki2Kc4/BV9I8h+CI
         /R+0LDT0tQo1K2CdVruzVbTrSgr4TiK/YZp5wune0lc4FJxUk1IxUPasSGmZ7MPE2i87
         z4rYxP347OFHX4b7sN28sSiHWri2xnSk0ubNoGBwnp7JIh/OBmIsgJ/VjR4qz8I3CBCy
         rz9g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:to:in-reply-to:cc:from:subject:message-id:date
         :user-agent:mime-version:content-language:content-transfer-encoding;
        bh=BSiY41WUZOTJX6QSlHgyNV/xoUIDQJyY1QmOU7z+YQ0=;
        b=uTa/jemuT2MjRFNQ6b5oe9ZX7MS5Ml5D2pJfd1qkREOULKq+eYp0gpMl2f6p4j39ah
         /Nrpgo40uEtWTp/WKt1LSr/Odcr7hp2WpB27K4/6rStw0DZop9mGGvVeSLC7Ri3tux9A
         KDR9P4FqgSwkME6g+Xgq6JeXwrn2FUiNQcQwpEbCfDMOzo3HejTlPri+oIBUz8GZds62
         JrIuOakHo1ytphPZlmq71SGQ5Z0l/AWvH2Dsx1I3dl5RbjMM3UbjEihkLG77XcjbuA1i
         v6j+lxEPRrS+jdHzeiFnIdy/1S2ezJ5mV/qGHkwwC21EqM8OLPgySBf6qzOsJa6ZJRTB
         xX+Q==
X-Gm-Message-State: APjAAAUK8tY1N78yZV0jPiCL5AyBEQLbQLsvAALd2pncHiErsI1nNXsA
        yDn4MYjAd7VS7RIn1fm6Ix0=
X-Received: by 2002:aa7:80c8:: with SMTP id a8mr43264095pfn.193.1552453251297;
        Tue, 12 Mar 2019 22:00:51 -0700 (PDT)
Received: from ?IPv6:2405:204:a4ad:ea32:8a86:7e8d:4ca:6fc7? ([2405:204:a4ad:ea32:8a86:7e8d:4ca:6fc7])
        by smtp.gmail.com with ESMTPSA id o2sm24654602pfa.76.2019.03.12.22.00.47
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Tue, 12 Mar 2019 22:00:50 -0700 (PDT)
To:     christian@brauner.io
In-Reply-To: 
Cc:     torvalds@linux-foundation.org, arnd@arndb.de,
        linux-kernel@vger.kernel.org, x86@kernel.org, tglx@linuxtronix.de
From:   Jonathon Kowalski <bl0pbl33p@gmail.com>
Subject: [GIT PULL RESEND] pidfd changes for v5.1-rc1
Message-ID: <d5a0a45e-77c3-afc7-fed2-8453d8e95bb4@gmail.com>
Date:   Wed, 13 Mar 2019 05:00:57 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101
 Thunderbird/60.5.1
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Hi,

Thanks for the work on this system call! I am interested in making use 
of it in my process supervisor. It works pretty well and avoids the 
long-standing issue of PID reuse.

One thing that instantly came to mind is to be able to delegate killing 
to some third process depending on the confguration. However, I don't 
see that permissions are attached to the open file description, but 
seemed to be checked when calling pidfd_send_signal as they are with 
kill(2). Is there any particular reason this was avoided? For instance, 
if a process with CAP_KILL opens the procfd, shouldn't any process that 
uses a descriptor pointing to this same file description be permitted to 
send signals? It would be a lot more useful that way.

There doesn't seem to much benefit of using file descriptors for 
processes otherwise if cannot use them that way, apart from PID reuse.

So, is something like this on the roadmap in the future, and if not, 
what was the reason it was avoided? I don't see a problem with using 
CAP_KILL to not check permissions at call time, otherwise I can see why 
it would be a problem in general (because processes can change credentials).

Regards,
Jonathon Kowalski