Re: [RFC 1/3] pidfd: allow pidfd_open() on non-thread-group leaders

From: Florian Weimer
Date: Thu Nov 30 2023 - 13:37:17 EST


* Tycho Andersen:

> From: Tycho Andersen <tandersen@xxxxxxxxxxx>
>
> We are using the pidfd family of syscalls with the seccomp userspace
> notifier. When some thread triggers a seccomp notification, we want to do
> some things to its context (munge fd tables via pidfd_getfd(), maybe write
> to its memory, etc.). However, threads created with ~CLONE_FILES or
> ~CLONE_VM mean that we can't use the pidfd family of syscalls for this
> purpose, since their fd table or mm are distinct from the thread group
> leader's. In this patch, we relax this restriction for pidfd_open().

Does this mean that pidfd_getfd cannot currently be used to get
descriptors for a TID if that TID doesn't happen to share its descriptor
set with the thread group leader?

I'd like to offer a userspace API which allows safe stashing of
unreachable file descriptors on a service thread.

Cc:ing Mathieu because of our previous discussions?

Thanks,
Florian