On Mar 31, 2019, at 3:17 PM, Linus Torvalds [off-list ref] wrote:

quoted

On Sun, Mar 31, 2019 at 2:10 PM Christian Brauner [off-list ref] wrote:

I don't think that we want or can make them equivalent since that would
mean we depend on procfs.

Sure we can.

If /proc is enabled, then you always do that dance YOU ALREADY WROTE
THE CODE FOR to do the stupid ioctl.

And if /procfs isn't enabled, then you don't do that.

Ta-daa. Done. No stupid ioctl, and now /proc and pidfd_open() return
the same damn thing.

And guess what? If /proc isn't enabled, then obviously pidfd_open()
gives you the /proc-less thing, but at least there is no crazy "two
different file descriptors for the same thing" situation, because then
the /proc one doesn't exist.

I wish we could do this, and, in a clean design, it would be a no-brainer.  But /proc has too much baggage.  Just to mention two such things, there’s “net” and “../sys”.  This crud is why we have all kinds of crazy rules that prevent programs in sandboxes from making a new mounts and mounting /proc in it.  If we make it possible to clone a new process and this access /proc without having /proc mounted, we’ll open up a big can of worms.

Maybe we could have a sanitized view of /proc and make a pidfd be a directory fd pointing at that.