Date: Fri, 15 May 2020 13:58:21 +0200
From: Christian Brauner
To: Sargun Dhillon
Cc: Tycho Andersen, LKML, Linux Containers, Linux API, Linux FS-devel Mailing List
Subject: Re: [PATCH 3/4] seccomp: Add SECCOMP_USER_NOTIF_FLAG_PIDFD to get pidfd on listener trap
Message-ID: <20200515115821.5qvkaeuxzklhikuo@wittgenstein>

On Fri, May 15, 2020 at 04:49:14AM -0700, Sargun Dhillon wrote:
> On Sat, Jan 25, 2020 at 9:42 PM Tycho Andersen wrote:
>
> > On Fri, Jan 24, 2020 at 12:09:37PM -0800, Sargun Dhillon wrote:
> > > On Fri, Jan 24, 2020 at 10:03 AM Tycho Andersen wrote:
> > > >
> > > > On Fri, Jan 24, 2020 at 01:17:42AM -0800, Sargun Dhillon wrote:
> > > > > Currently, this just opens the group leader of the thread that triggered
> > > > > the event, as pidfds (currently) are limited to group leaders.
> > > >
> > > > I don't love the semantics of this; when they're not limited to thread
> > > > group leaders any more, we won't be able to change this. Is that work
> > > > far off?
> > > >
> > > > Tycho
> > >
> > > We would be able to change this in the future if we introduced a flag like
> > > SECCOMP_USER_NOTIF_FLAG_PIDFD_THREAD which would send a
> > > pidfd that's for the thread, and not just the group leader. The flag could
> > > either be XOR with SECCOMP_USER_NOTIF_FLAG_PIDFD, or
> > > could require both. Alternatively, we can rename
> > > SECCOMP_USER_NOTIF_FLAG_PIDFD to
> > > SECCOMP_USER_NOTIF_FLAG_GROUP_LEADER_PIDFD.
> >
> > Ok, but then isn't this just another temporary API? Seems like it's
> > worth waiting until the Right Way exists.
> >
> > Tycho
> >
>
> It's been a few months. It does not appear like much progress has been made
> moving away from pidfd being only useful for leaders.
>
> I would either like to respin this patch, or at a minimum, include the
> process group leader pid number in the seccomp notification, to simplify
> things for tracers.

I'd prefer if you went with the second option where you include the
process group leader pid number. I'm against adding countless ways of
producing pidfds through various unrelated apis. The api is still quite
fresh so I'd like to not overdo it.

Christian
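
For context on what "simplify things for tracers" refers to, here is a sketch of how a supervisor can get a thread-group-leader pidfd from a notification today without any kernel change. It is an added example, not code from this patch series or from anyone in the thread. The function names tgid_of and leader_pidfd_for_notif are hypothetical, and it assumes /proc is mounted in the supervisor's PID namespace and a kernel that provides pidfd_open(2).

```c
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/ioctl.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <linux/seccomp.h>

#ifndef SYS_pidfd_open
#define SYS_pidfd_open 434 /* same number on all architectures */
#endif

/* Hypothetical helper: thread-group leader of `tid`, read from the
 * "Tgid:" field of /proc/<tid>/status. Returns -1 on any failure. */
pid_t tgid_of(pid_t tid)
{
    char path[64], line[256];
    int tgid = -1;
    FILE *f;

    snprintf(path, sizeof(path), "/proc/%d/status", (int)tid);
    f = fopen(path, "r");
    if (!f)
        return -1;
    while (fgets(line, sizeof(line), f))
        if (sscanf(line, "Tgid: %d", &tgid) == 1)
            break;
    fclose(f);
    return tgid;
}

/* Hypothetical helper: pidfd for the group leader of the task that
 * triggered `req` on `listener`, or -1. req->pid is a thread id. */
int leader_pidfd_for_notif(int listener, const struct seccomp_notif *req)
{
    uint64_t id = req->id;
    pid_t tgid = tgid_of((pid_t)req->pid);
    int pidfd;

    if (tgid <= 0)
        return -1;
    pidfd = (int)syscall(SYS_pidfd_open, tgid, 0);
    if (pidfd < 0)
        return -1;
    /* A still-valid notification id means the target is still blocked
     * in its syscall, so req->pid was not recycled while /proc was read.
     * If the id is gone, the pidfd may name an unrelated process. */
    if (ioctl(listener, SECCOMP_IOCTL_NOTIF_ID_VALID, &id) != 0) {
        close(pidfd);
        return -1;
    }
    return pidfd;
}
```

The /proc read and the post-hoc id check are the extra steps a leader pid carried in the notification itself would remove.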