AW: [RESEND] RFC: pidfd_getfd(2) manual page

[Walter Harms]

________________________________________
Von: linux-man-owner@xxxxxxxxxxxxxxx <linux-man-owner@xxxxxxxxxxxxxxx> im Auftrag von Michael Kerrisk (man-pages) <mtk.manpages@xxxxxxxxx>
Gesendet: Mittwoch, 8. April 2020 10:32
An: Christian Brauner
Cc: Sargun Dhillon; linux-man; Linux API; lkml; Tycho Andersen; Jann Horn; Aleksa Sarai; Christian Brauner; Oleg Nesterov; Andy Lutomirski; Alexander Viro; jld@xxxxxxxxxxx; Arnd Bergmann; Florian Weimer; gpascutto@xxxxxxxxxxx; ealvarez@xxxxxxxxxxx
Betreff: Re: [RESEND] RFC: pidfd_getfd(2) manual page

Hello Christian,

On Wed, 8 Apr 2020 at 09:45, Christian Brauner
<christian.brauner@xxxxxxxxxx> wrote:
>
> On Tue, Apr 07, 2020 at 08:49:35PM +0200, Michael Kerrisk (man-pages) wrote:
> > [No response on my mail of a week ago, so I try again; the page
> > text is unchanged since the draft sent out on 31 March]
>
> Sorry for the delay.
>
> >
> > Hello Sargun et al.
> >
> > I've taken a shot at writing a manual page for pidfd_getfd().
> > I would be happy to receive comments, suggestions for
> > improvements, etc. The text is as follows (the groff source
> > is at the foot of this mail):
>
> Thanks for that! Really appreciated. Just a few nits below.

Thanks for the review!

> > NAME
> >        pidfd_getfd  -  obtain  a  duplicate  of  another  process's  file
> >        descriptor
> >
> > SYNOPSIS
> >        int pidfd_getfd(int pidfd, int targetfd, unsigned int flags);
> >
> > DESCRIPTION
> >        The pidfd_getfd() system call allocates a new file  descriptor  in
> >        the  calling  process.  This new file descriptor is a duplicate of
> >        an existing file descriptor, targetfd, in the process referred  to
> >        by the PID file descriptor pidfd.
> >
> >        The  duplicate  file  descriptor  refers  to  the  same  open file
> >        description (see open(2)) as the original file descriptor  in  the
> >        process referred to by pidfd.  The two file descriptors thus share
> >        file status flags and file offset.  Furthermore, operations on the
> >        underlying  file  object  (for  example, assigning an address to a
> >        socket object using bind(2)) can be equally be performed  via  the
>
> s/can be equally be performed/can be equally performed
> ?

Thanks. I made it: "can equally be performed"

> >        duplicate file descriptor.
> >
> >        The  close-on-exec  flag  (FD_CLOEXEC; see fcntl(2)) is set on the
> >        file descriptor returned by pidfd_getfd().
> >
> >        The flags argument is reserved for future use.  Currently, it must
> >        be specified as 0.
> >
> >        Permission  to duplicate another process's file descriptor is gov‐
> >        erned by a ptrace access mode  PTRACE_MODE_ATTACH_REALCREDS  check
> >        (see ptrace(2)).
> >
> > RETURN VALUE
> >        On  success,  pidfd_getfd() returns a nonnegative file descriptor.
>
> Imho, this makes it sound like there are negative file descriptor
> numbers. But as a non-native speaker that might just be a subtle
> misreading on my part. Maybe just like open() just mention:
> "On success, pidfd_getfd() returns a file descriptor."

You're right. That wording is just clumsy! I fixed it.

    On success, pidfd_getfd() returns a file descriptor (a
    nonnegative integer).

And I also fixed similar clumsy wordings in a number of other pages.


perhaps "greater or equal 0" instead on nonnegativ, people are
bad with negations.
re,
 wh

> >        On error, -1 is returned and errno is set to indicate the cause of
> >        the error.
> >
> > ERRORS
> >        EBADF  pidfd is not a valid PID file descriptor.
> >
> >        EBADF  targetfd  is  not  an  open  file descriptor in the process
> >               referred to by pidfd.
> >
> >        EINVAL flags is not 0.
> >
> >        EMFILE The per-process limit on the number of open  file  descrip‐
> >               tors has been reached (see the description of RLIMIT_NOFILE
> >               in getrlimit(2)).
> >
> >        ENFILE The system-wide limit on the total number of open files has
> >               been reached.
> >
> >        ESRCH  The  process  referred to by pidfd does not exist (i.e., it
> >               has terminated and been waited on).
>
> EPERM   The calling process did not have PTRACE_MODE_ATTACH_REALCREDS
>         permissions (see ptrace(2)) over the process referred to by
>         pidfd.

Oh yes. Thanks. Added.

> Technically, there should also be a disclaimer that other errno values
> are possible because of LSM denials, e.g. selinux could return EACCES or
> any other errno code in their file_receive() hook. But I'm not whether we
> generally do this. In any case, I would find it useful as a developer.

No, the manual pages don't generally include this. Mainly because I
just don't know all the details.

> (Is there actually a place where all LSMs are forced to record their
> errno returns for their security hooks for each syscall they hook into and
> that's visible to userspace? Because that'd be really useful...)

Nothing that I'm aware of, unfortunately.

Thanks again for the review!

Cheers,

Michael


--
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
Linux/UNIX System Programming Training: http://man7.org/training/