Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp4115926yba; Wed, 17 Apr 2019 05:05:19 -0700 (PDT) X-Google-Smtp-Source: APXvYqxrgLzFTBCfNui1JDl8Qon+w0VdymJ+wFC/Hhp7jlQPJA9fro8zPDVM4aFkfn8pwcExv7pG X-Received: by 2002:a17:902:a9c7:: with SMTP id b7mr84846294plr.145.1555502719184; Wed, 17 Apr 2019 05:05:19 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1555502719; cv=none; d=google.com; s=arc-20160816; b=MVAaZpKodO2/QvUC/clzzr7ZLFyccgdOZkgh+fkQ3vdPP6HmGWRVNQxUrsNDsKIl9v ou/b0YQ4adIw6l0i1oJgG/gsEJYA0HE15rdL7RM4we6nKjgTgvrXDMf4x8ih7TBpUz7V QBHY+1wm0eHMIhEFo0+D2j/VW9F8hrMJhrVt5gGETgxDChN5xwCi1zMlFjSwNXUxNmgl rt0ge7MWZAK1i6JTWhHm/Q3I79zE+gqk5Od/I1SKocqeGzs5HyEiK4pzIBigSz7PsoJI gf+ZtkLEqDkIPJ/+tKL9HQi5GBKJhs4eB3HCRxLChseohKIgyHQF0OndPCCBW5XoAsuu Wscw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:organization:from:references:cc:to:subject; bh=cvUTnh7Bd7tw5qd+ppOTNSVlrZUjQcILzH13KD20Hec=; b=DGNkE7q2thsA2Qzwe8x/4tuxu5qiwvcTlN3FTA5uMEk8Ws9hQ1C+3jQPDrBT9ZTDLZ 4mGRi6dFHRYA+igY7BWc++xtyi+n/46uoOaH2ZgrUkil7sQtG9QqZPAu/XG6fz0aD7y0 K5DDI896CuW8ghWNcNDtnHC1uA5MIwDF7LoIPUuRigvCzdAtgYxULbKT4hwRt3V2BuXl UhEPZeCsik8J3svONzsn9Im4J6rPT3DWsJmUNh0wyYfI2yhFGlclzT7zfuLSpN3in73v wRtBAPZUqHJCRkKTZt55FqQCh/99kFTSFtAqtbxYnt3fw4+/NTIhd4/k9BUDviCPf6kn nXzQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id s71si50535936pgs.561.2019.04.17.05.05.02; Wed, 17 Apr 2019 05:05:19 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731997AbfDQMEE (ORCPT + 99 others); Wed, 17 Apr 2019 08:04:04 -0400 Received: from mout.kundenserver.de ([217.72.192.75]:42159 "EHLO mout.kundenserver.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729578AbfDQMEE (ORCPT ); Wed, 17 Apr 2019 08:04:04 -0400 Received: from [192.168.1.110] ([95.117.89.119]) by mrelayeu.kundenserver.de (mreue109 [212.227.15.183]) with ESMTPSA (Nemesis) id 1Mnac7-1gXWi237uH-00jZ36; Wed, 17 Apr 2019 14:03:19 +0200 Subject: Re: RFC: on adding new CLONE_* flags [WAS Re: [PATCH 0/4] clone: add CLONE_PIDFD] To: Andy Lutomirski Cc: Aleksa Sarai , Christian Brauner , Linus Torvalds , Al Viro , Jann Horn , David Howells , Linux API , LKML , "Serge E. Hallyn" , Arnd Bergmann , "Eric W. Biederman" , Kees Cook , Thomas Gleixner , Michael Kerrisk , Andrew Morton , Oleg Nesterov , Joel Fernandes , Daniel Colascione References: <20190414201436.19502-1-christian@brauner.io> <20190415195911.z7b7miwsj67ha54y@yavin> From: "Enrico Weigelt, metux IT consult" Organization: metux IT consult Message-ID: Date: Wed, 17 Apr 2019 14:03:16 +0200 User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.2.1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit X-Provags-ID: V03:K1:S6381OmZdIJPo14f04+kynwonZHVnZAMZunGyEEpDujyIA49q5i eaPD0ry9oTBiNONUezdHdoZWyqeJJwC7ha/lUiUSZLjpPIKcS5Ku3xUGzvI2g34og8R++V0 7MBNA1EeohnNXlkiT+ZCGutssGlxVCC5OHoMB75EUhS4octH9+I+DY7LS3O4VD7o/7vw1IZ lDIlxjCeJPzh+TpmCvplg== X-Spam-Flag: NO X-UI-Out-Filterresults: notjunk:1;V03:K0:6QTSXU9U/x0=:wbOvqRVDQMzVX2dvNaK7xT c/tSxEjSUcWWrxflOaDsKm+zbOXBZILyVxSO/phzMQJZU7007ikwslZeN8wEPI2AE8DybvYrZ X0hEHPEJLKWlbdvJUrg7zVepp0rIr/IgvcXMU9Qmbq3LtNHxrF0AcGvclgM5hXRKqvKplzt+a oE3mBNIDPQZG9T3Op/PzC4s3vhCFHzj0pooHK4yysv4V2ZEdrYPH71ymf6y8xww8WCIaGGonI aeIJAsqvqW4zwICB9dCD+W05YrBIWrvcks+d+7xCmkJX5QfQAKVPVcnf4N5XXdp8+nVWcw1Ur +GbFhKIbBe1JCdyblZByFqVTGWX575qp7OSefCc0WOICL0YiXIt5oVki+8hI0ue3xzqqph/QI zIiBvEaQsIzMiEhZM1Pz0l/YwmK5N1/7RcLIqJi/qBaEMt0h4lOkknf0sm3EbwCWf8OZsFlP9 77MSUZsVtJTys0ho07zSRsaAo6DBfeR+60piPa82duGkSJkhqTdr65uydi+izP/0SbCH9vI3B Zs9tbC4GrPzunzdPeYpzsiC0pUh/qbZ4GsjEs3S2Ou651P+k2r9Vr9/hT7LCUmGgpIqcxhwlC BYIY47tjhY2+q1fKYll52fYBXeEf+rWw7y75xg/mr0B87MCYuA2b0/itA2HLhLcPWpUt+ablf 2jqJiYiIAGpJGlp3jq8/javMY7oWpQhuIZDy3LhDxwaZq2DOw/FFeJtnZXpEU/NWfuZP+a1r/ mqilclcqCZIW8BALL6iNfYJAHlj3lA8o+SnJ2UGQeIVyPRBcJJlPIR7tusQ= Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 16.04.19 23:31, Andy Lutomirski wrote: >> How exactly would the pidfd improve this scenario ? >> IMHO, would just need to pass the inherited fd's to that daemon (eg. >> via unix socket) which then sets them up in the new child process. > > It makes it easier to wait until the privileged program exits. > Without pidfd, you can't just wait(2) because the program that gets > spawned isn't a child. Ah, that is a cool thing ! I suppose that also works across namespaces ? What other things can be done via pidfd ? >> But: how can we handle things like cgroups ? > > Find a secure way to tell the daemon what cgroups to use? hmm, do we have some fd-handle to cgroups ? In that case a process could send a handle of his cgroup to some other process (eg. some "login" deamon) allowing him to join in. We could look at cgroups more as kind of capabilities instead of limitations (eg. things like: members of cgroup "net-foo1" are granted n% of network bandwith, etc). That would open up completely new approaches to security and resource control :) It could go even further: anybody can create new cgroups within his own, narrow down some limits and pass this to some other agent that acts on behalf of him and is allowed to use his share of the system resources for that. --mtx -- Enrico Weigelt, metux IT consult Free software and Linux embedded engineering info@metux.net -- +49-151-27565287