Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp5259601ybl; Tue, 10 Dec 2019 03:11:49 -0800 (PST) X-Google-Smtp-Source: APXvYqzd17yZpO1ZW1g8uH/RwMi9XXPSoCxQcC+56pGyDVAwLaIiiGX6HyPr3uYXUtb4ii4lay/8 X-Received: by 2002:a05:6830:155a:: with SMTP id l26mr25590854otp.339.1575976309916; Tue, 10 Dec 2019 03:11:49 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1575976309; cv=none; d=google.com; s=arc-20160816; b=eRBfLltMXXxJOhL47mPop+q6H5V85Kj0hmhqqqovKOW5bRDrsAz+LMqpxQbViBP+zU MkwJ4cLMj7jSyy1iMa+Hvm5EHd0qxExFLDAHFJf9c7GJ0ki/scTiaVFY9egwmj96435F OGvDEADEySO900uJsG2pGRqzeghThqsZJ8XUvgNP4z/qs1/AlfTuDlccPcLa8K+OjAw+ 9tzsoozTdBkWP6HP6WNzqATB+jABvVTLHIaTmR0+JXfeFJqYFoVRdIwktrREn0QyEh5L pzyK3JCvfLgHbZHL/Z+8FaNzQQ6QQiQRB7umtP1IYtTB/4Tz6FvA9HnO+Fwrx/GX75zc J1vA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=opnjCni1mLSjQe7yxXGQ1uRM2NMBTldjEL56+kTOoO0=; b=APYoG9k6umlwADzaFZZd7jocfv25SLvd6vHsdEoT3eBkxgMVZCD9KNNYXplfSBXddH pjinnW0qOibOzTkNUDuQ1ziSLOz/8ezsZo73P3R4lmFzikEjoRZU6c3X5dg2iTG0N7QQ fEXKRYp1T2Hfw+z9iukcnbt0RXDhGQn06brUknncqM3cbu23VLu1/Bh8nbyNxZadHvF5 pVhaSbjt7QciSB3JNq6ejK9Y3ZMY3+r1Fq5AQVDBSh9IaQFzzx0+RcCjVrI+oz0BI2QR 0hKZP1TUn01sed/VfVON3ubqBjZwMM+XiG+HMc4uj80DO6HVDBCyhLtyatxdwnjT13eT N64Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id y22si1747302oti.269.2019.12.10.03.11.37; Tue, 10 Dec 2019 03:11:49 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727257AbfLJLK7 (ORCPT + 99 others); Tue, 10 Dec 2019 06:10:59 -0500 Received: from youngberry.canonical.com ([91.189.89.112]:54474 "EHLO youngberry.canonical.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727178AbfLJLK6 (ORCPT ); Tue, 10 Dec 2019 06:10:58 -0500 Received: from [79.140.114.95] (helo=wittgenstein) by youngberry.canonical.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1iedPp-0005d2-Be; Tue, 10 Dec 2019 11:10:53 +0000 Date: Tue, 10 Dec 2019 12:10:52 +0100 From: Christian Brauner To: Oleg Nesterov Cc: Sargun Dhillon , linux-kernel@vger.kernel.org, containers@lists.linux-foundation.org, linux-api@vger.kernel.org, linux-fsdevel@vger.kernel.org, tycho@tycho.ws, jannh@google.com, cyphar@cyphar.com, luto@amacapital.net, viro@zeniv.linux.org.uk, Jed Davis , Gian-Carlo Pascutto , Emilio Cobos =?utf-8?Q?=C3=81lvarez?= , Florian Weimer Subject: Re: [PATCH v2 4/4] samples: Add example of using PTRACE_GETFD in conjunction with user trap Message-ID: <20191210111051.j5opodgjalqigx6q@wittgenstein> References: <20191209070646.GA32477@ircssh-2.c.rugged-nimbus-611.internal> <20191209192959.GB10721@redhat.com> <20191209204635.GC10721@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20191209204635.GC10721@redhat.com> User-Agent: NeoMutt/20180716 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org [I'm expanding the Cc to a few Firefox and glibc people since we've been been talking about replacing SECCOMP_RET_TRAP with SECCOMP_RET_USER_NOTIF for a bit now because the useage of SECCOMP_RET_TRAP in the broker blocks desirable core glibc changes. Even if just for their lurking pleasure. :)] On Mon, Dec 09, 2019 at 09:46:35PM +0100, Oleg Nesterov wrote: > On 12/09, Christian Brauner wrote: > > > > >We can > > >add PTRACE_DETACH_ASYNC, but this makes me think that PTRACE_GETFD has > > >nothing > > >to do with ptrace. > > > > > >May be a new syscall which does ptrace_may_access() + get_task_file() > > >will make > > >more sense? > > > > > >Oleg. > > > > Once more since this annoying app uses html by default... > > > > But we can already do this right now and this is just an improvement. > > That's a bit rich for a new syscall imho... > > I agree, and I won't really argue... > > but the changelog in 2/4 says > > The requirement that the tracer has attached to the tracee prior to the > capture of the file descriptor may be lifted at a later point. > > so may be we should do this right now? I think so, yes. This doesn't strike me as premature optimization but rather as a core design questions. > > plus this part > > @@ -1265,7 +1295,8 @@ SYSCALL_DEFINE4(ptrace, long, request, long, pid, unsigned long, addr, > } > > ret = ptrace_check_attach(child, request == PTRACE_KILL || > - request == PTRACE_INTERRUPT); > + request == PTRACE_INTERRUPT || > + request == PTRACE_GETFD); > > actually means "we do not need ptrace, but we do not know where else we > can add this fd_install(get_task_file()). Right, I totally get your point and I'm not a fan of this being in ptrace() either. The way I see is is that the main use-case for this feature is the seccomp notifier and I can see this being useful. So the right place to plumb this into might just be seccomp and specifically on to of the notifier. If we don't care about getting and setting fds at random points of execution it might make sense to add new options to the notify ioctl(): #define SECCOMP_IOCTL_NOTIF_GET_FD SECCOMP_IOWR(3, ) #define SECCOMP_IOCTL_NOTIF_SET_FD SECCOMP_IOWR(4, ) which would let you get and set fds while the supervisee is blocked. Christian