From mboxrd@z Thu Jan 1 00:00:00 1970 From: Tycho Andersen Subject: Re: [PATCH 3/4] seccomp: Add SECCOMP_USER_NOTIF_FLAG_PIDFD to get pidfd on listener trap Date: Sat, 25 Jan 2020 21:42:56 -0800 Message-ID: <20200126054256.GB4151@cisco> References: <20200124091743.3357-1-sargun@sargun.me> <20200124091743.3357-4-sargun@sargun.me> <20200124180332.GA4151@cisco> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Return-path: Content-Disposition: inline In-Reply-To: Sender: linux-api-owner-u79uwXL29TY76Z2rM5mHXA@public.gmane.org To: Sargun Dhillon Cc: LKML , Linux Containers , Linux API , Linux FS-devel Mailing List , Christian Brauner List-Id: linux-api@vger.kernel.org On Fri, Jan 24, 2020 at 12:09:37PM -0800, Sargun Dhillon wrote: > On Fri, Jan 24, 2020 at 10:03 AM Tycho Andersen wrote: > > > > On Fri, Jan 24, 2020 at 01:17:42AM -0800, Sargun Dhillon wrote: > > > Currently, this just opens the group leader of the thread that triggere > > > the event, as pidfds (currently) are limited to group leaders. > > > > I don't love the semantics of this; when they're not limited to thread > > group leaders any more, we won't be able to change this. Is that work > > far off? > > > > Tycho > > We would be able to change this in the future if we introduced a flag like > SECCOMP_USER_NOTIF_FLAG_PIDFD_THREAD which would send a > pidfd that's for the thread, and not just the group leader. The flag could > either be XOR with SECCOMP_USER_NOTIF_FLAG_PIDFD, or > could require both. Alternatively, we can rename > SECCOMP_USER_NOTIF_FLAG_PIDFD to > SECCOMP_USER_NOTIF_FLAG_GROUP_LEADER_PIDFD. Ok, but then isn't this just another temporary API? Seems like it's worth waiting until the Right Way exists. Tycho