Re: [PATCH v2 0/5] pid: add pidfd_open()

[Aleksa Sarai]

On 2019-03-31, Andy Lutomirski <luto@xxxxxxxxxxxxxx> wrote:
> > On Mar 31, 2019, at 3:17 PM, Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> wrote:
> >> On Sun, Mar 31, 2019 at 2:10 PM Christian Brauner <christian@xxxxxxxxxx> wrote:
> >> 
> >> I don't think that we want or can make them equivalent since that would
> >> mean we depend on procfs.
> > 
> > Sure we can.
> > 
> > If /proc is enabled, then you always do that dance YOU ALREADY WROTE
> > THE CODE FOR to do the stupid ioctl.
> > 
> > And if /procfs isn't enabled, then you don't do that.
> > 
> > Ta-daa. Done. No stupid ioctl, and now /proc and pidfd_open() return
> > the same damn thing.
> > 
> > And guess what? If /proc isn't enabled, then obviously pidfd_open()
> > gives you the /proc-less thing, but at least there is no crazy "two
> > different file descriptors for the same thing" situation, because then
> > the /proc one doesn't exist.
> > 
> 
> I wish we could do this, and, in a clean design, it would be a
> no-brainer.  But /proc has too much baggage.  Just to mention two such
> things, thereâs ânetâ and â../sysâ.  This crud is why we have all
> kinds of crazy rules that prevent programs in sandboxes from making a
> new mounts and mounting /proc in it.  If we make it possible to clone
> a new process and this access /proc without having /proc mounted,
> weâll open up a big can of worms.
> 
> Maybe we could have a sanitized view of /proc and make a pidfd be a
> directory fd pointing at that.

Eric pitched a procfs2 which would *just* be the PIDs some time ago (in
an attempt to make it possible one day to mount /proc inside a container
without adding a bunch of masked paths), though it was just an idea and
I don't know if he ever had a patch for it.

-- 
Aleksa Sarai
Senior Software Engineer (Containers)
SUSE Linux GmbH
<https://www.cyphar.com/>

Attachment: signature.asc
Description: PGP signature