Re: [PATCH v2 0/5] pid: add pidfd_open()
From: Christian Brauner <christian@brauner.io>
Date: 2019-03-31 22:34:03
Also in:
lkml
On Sun, Mar 31, 2019 at 03:16:47PM -0700, Linus Torvalds wrote:
> On Sun, Mar 31, 2019 at 3:03 PM Christian Brauner [off-list ref] wrote:
> >
> > Thanks for the input. The problem Jann and I saw with this is that it would be awkward to have the kernel open a file in some procfs instance, since then userspace would have to specify which procfs instance the fd should come from.
>
> I would actually suggest we just make the rules be that the pidfd_open() always return the internal /proc entry regardless of any mount-point (or any "hidepid") but also suggest that exactly *because* it gives you visibility into the target pid, you'd basically require the strictest kind of control of the process you're trying to get the pidfd of. Ie likely something along the lines of ptrace_may_access(task, PTRACE_MODE_ATTACH_REALCREDS)

I can live with that but I would like to hear what Jann thinks too if that's ok.

Christian