Received: by 2002:a05:7412:8d10:b0:f3:1519:9f41 with SMTP id bj16csp2348211rdb; Fri, 8 Dec 2023 05:49:07 -0800 (PST) X-Google-Smtp-Source: AGHT+IG+CyLPtSdH2VD8rTZDU5sCKfGbvw/J7vmDp4wp0XICZ3v+UsWcSf4hlR+xDps15PNgi93k X-Received: by 2002:a05:6a20:3942:b0:187:3643:ecce with SMTP id r2-20020a056a20394200b001873643eccemr59608pzg.56.1702043347361; Fri, 08 Dec 2023 05:49:07 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1702043347; cv=none; d=google.com; s=arc-20160816; b=WOZqFojUx0RZzk0DcW6z1bywh7jCKreF7vMCgadxX8EKcIoj2oL+Anh6dNibN3B+Tv G4Eoh5NC2OQxTD/m/50jzEajUKPhYu2xwB6xM5AjKAY7HcJvmB/RmX/teEu96NcROMeo 95CREJnYkO7NA0EPwCM+PlYQcrWQZy9wrA5Ua4pO5ZL+kX1iXID5mDaXbpg/St//j5LN zpQeYOzA9i1DyrYsF+pxa5mC0Xcxav2Fg+Cj17VcaOs6RMRnnJTFw6tCe3b1iQdVl/MU F6e/301CDNPBV2Y9k+y9QwFnHQEXBcAp4W/DXVr2b7sXZSx6a8+1VcVTifilvJpu5//i 9UdQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=fRh7IzaaGKFqQfBp4CFsCjWtJ8SEkARE4y6Paznlt+4=; fh=6enFbOT7hOVDx9IY08XuMyRPNluylRtv7bRsbzVrU9M=; b=xzrVwNBzsL6cVI5Q2XFgTmjQ3wgMs3yyDZ7wSRej4GplDKCvcFxzRz8g0RcLsguP8n OlcHoxWV4zjQ1lVftls6M4IuRRuKPYGzkCyuqAkqVhbzUx4Wqw8LYzoPanJ5jlqg07Xy MFO0ctUnOtwFktlLhoTVZjZnCFUM1oTF4Ja0ijdrvJYUadq2ID3Omix34vpu1Atd5RNR Av7KqlseC4ApOVqtFNSJMJB1vzLmIts2sSudaysU0x8CwSy8heUXFSqGwXN131f4/xlM brOuDevq+3vEM/bsMShtwuk84F3zmcGtCMBOpbunnmJSIEaPuf1GjxmY4u7q/bhMmLuZ lmjg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=RvSOlLqA; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:6 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from pete.vger.email (pete.vger.email. [2620:137:e000::3:6]) by mx.google.com with ESMTPS id cj21-20020a056a00299500b006ce7f50fb6dsi1635630pfb.223.2023.12.08.05.49.06 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 08 Dec 2023 05:49:07 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:6 as permitted sender) client-ip=2620:137:e000::3:6; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=RvSOlLqA; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:6 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by pete.vger.email (Postfix) with ESMTP id BBC6482CD614; Fri, 8 Dec 2023 05:49:00 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at pete.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1573832AbjLHNsa (ORCPT + 99 others); Fri, 8 Dec 2023 08:48:30 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34540 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1573825AbjLHNs3 (ORCPT ); Fri, 8 Dec 2023 08:48:29 -0500 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 106621732 for ; Fri, 8 Dec 2023 05:48:36 -0800 (PST) Received: by smtp.kernel.org (Postfix) with ESMTPSA id A0D31C433C9; Fri, 8 Dec 2023 13:48:33 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1702043315; bh=HKakyx8zq6fOmZMYXMir1ka2znDXEo4ataLQzc31ar4=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=RvSOlLqA2qq/XZBRLBixMaEvYWxt4NW3Lbbf2tJRbJnWW2vaiZptxhL0GhOW7ZTez 6AdtUtbjy2X6nFxvtSxXFxhhPK0V/RwrNvTTr4aTtdqOSBoaUgB3FT5kFpzp7AD5aa 7vhRx1i7jkWHdh+POPRxqmUX60WsoUnZZlxVuP3+jgL3qXcnMR9f4CszRcUbTS8h2j ltzQu8O3/IlR/DztllzO/q7/RfhEr4OhDIqasNEZtfKcytZVuHbtkPqnnlo+dvGXET h7790W94yku+ovP0+I9u5ZjjDu40FnVLp2usMbejEhdM5rfRgOGAb19mtxFBPcnsYf YfCnL0ZORHRhQ== Date: Fri, 8 Dec 2023 14:48:30 +0100 From: Christian Brauner To: Florian Weimer Cc: Mathieu Desnoyers , Tycho Andersen , linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, Jan Kara , linux-fsdevel@vger.kernel.org, Jens Axboe Subject: Re: [RFC 1/3] pidfd: allow pidfd_open() on non-thread-group leaders Message-ID: <20231208-hitzig-charmant-6bbdc427bf7e@brauner> References: <20231130163946.277502-1-tycho@tycho.pizza> <874jh3t7e9.fsf@oldenburg.str.redhat.com> <87ttp3rprd.fsf@oldenburg.str.redhat.com> <20231207-entdecken-selektiert-d5ce6dca6a80@brauner> <87wmtog7ht.fsf@oldenburg.str.redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <87wmtog7ht.fsf@oldenburg.str.redhat.com> X-Spam-Status: No, score=-1.2 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on pete.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (pete.vger.email [0.0.0.0]); Fri, 08 Dec 2023 05:49:01 -0800 (PST) On Fri, Dec 08, 2023 at 02:15:58PM +0100, Florian Weimer wrote: > * Christian Brauner: > > > File descriptors are reachable for all processes/threads that share a > > file descriptor table. Changing that means breaking core userspace > > assumptions about how file descriptors work. That's not going to happen > > as far as I'm concerned. > > It already has happened, though? Threads are free to call > unshare(CLONE_FILES). I'm sure that we have applications out there that If you unshare a file descriptor table it will affect all file descriptors of a given task. We don't allow hiding individual or ranges of file descriptors from close/dup. That's akin to a partially shared file descriptor table which is conceptually probably doable but just plain weird and nasty to get right imho. This really is either LSM territory to block such operations or use stuff like io_uring gives you.