Re: [RESEND] RFC: pidfd_getfd(2) manual page
From: Christian Brauner
Date: Wed Apr 08 2020 - 03:45:09 EST
On Tue, Apr 07, 2020 at 08:49:35PM +0200, Michael Kerrisk (man-pages) wrote:
> [No response on my mail of a week ago, so I try again; the page
> text is unchanged since the draft sent out on 31 March]
Sorry for the delay.
>
> Hello Sargun et al.
>
> I've taken a shot at writing a manual page for pidfd_getfd().
> I would be happy to receive comments, suggestions for
> improvements, etc. The text is as follows (the groff source
> is at the foot of this mail):
Thanks for that! Really appreciated. Just a few nits below.
>
> NAME
> pidfd_getfd - obtain a duplicate of another process's file
> descriptor
>
> SYNOPSIS
> int pidfd_getfd(int pidfd, int targetfd, unsigned int flags);
>
> DESCRIPTION
> The pidfd_getfd() system call allocates a new file descriptor in
> the calling process. This new file descriptor is a duplicate of
> an existing file descriptor, targetfd, in the process referred to
> by the PID file descriptor pidfd.
>
> The duplicate file descriptor refers to the same open file
> description (see open(2)) as the original file descriptor in the
> process referred to by pidfd. The two file descriptors thus share
> file status flags and file offset. Furthermore, operations on the
> underlying file object (for example, assigning an address to a
> socket object using bind(2)) can be equally be performed via the
s/can be equally be performed/can be equally performed
?
> duplicate file descriptor.
>
> The close-on-exec flag (FD_CLOEXEC; see fcntl(2)) is set on the
> file descriptor returned by pidfd_getfd().
>
> The flags argument is reserved for future use. Currently, it must
> be specified as 0.
>
> Permission to duplicate another process's file descriptor is govâ
> erned by a ptrace access mode PTRACE_MODE_ATTACH_REALCREDS check
> (see ptrace(2)).
>
> RETURN VALUE
> On success, pidfd_getfd() returns a nonnegative file descriptor.
Imho, this makes it sound like there are negative file descriptor
numbers. But as a non-native speaker that might just be a subtle
misreading on my part. Maybe just like open() just mention:
"On success, pidfd_getfd() returns a file descriptor."
> On error, -1 is returned and errno is set to indicate the cause of
> the error.
>
> ERRORS
> EBADF pidfd is not a valid PID file descriptor.
>
> EBADF targetfd is not an open file descriptor in the process
> referred to by pidfd.
>
> EINVAL flags is not 0.
>
> EMFILE The per-process limit on the number of open file descripâ
> tors has been reached (see the description of RLIMIT_NOFILE
> in getrlimit(2)).
>
> ENFILE The system-wide limit on the total number of open files has
> been reached.
>
> ESRCH The process referred to by pidfd does not exist (i.e., it
> has terminated and been waited on).
EPERM The calling process did not have PTRACE_MODE_ATTACH_REALCREDS
permissions (see ptrace(2)) over the process referred to by
pidfd.
Technically, there should also be a disclaimer that other errno values
are possible because of LSM denials, e.g. selinux could return EACCES or
any other errno code in their file_receive() hook. But I'm not whether we
generally do this. In any case, I would find it useful as a developer.
(Is there actually a place where all LSMs are forced to record their
errno returns for their security hooks for each syscall they hook into and
that's visible to userspace? Because that'd be really useful...)
Christian