Thread: 18 messages, 4 authors, 2020-05-26

Re: [PATCH 4/5] seccomp: Add SECCOMP_ADDFD_FLAG_MOVE flag to add fd ioctl

From: Christian Brauner <hidden>
Date: 2020-05-25 14:20:48
Also in: lkml

On Sun, May 24, 2020 at 04:39:41PM -0700, Sargun Dhillon wrote:
Certain files, when moved to another process, have metadata changed, such
as netprioidx and classid. This is the default behaviour when sending
sockets with SCM_RIGHTS over unix sockets. Depending on the use case,
this may or may not be desirable with the addfd ioctl. This allows
the user to opt in.

Signed-off-by: Sargun Dhillon <redacted>
Suggested-by: Tycho Andersen <redacted>
Cc: Matt Denton <redacted>
Cc: Kees Cook <redacted>
Cc: Jann Horn <jannh@google.com>
Cc: Robert Sesek <redacted>
Cc: Chris Palmer <redacted>
Cc: Christian Brauner <redacted>
---
 include/uapi/linux/seccomp.h |  8 ++++++++
 kernel/seccomp.c             | 31 +++++++++++++++++++++++++++----
 2 files changed, 35 insertions(+), 4 deletions(-)
diff --git a/include/uapi/linux/seccomp.h b/include/uapi/linux/seccomp.h
index 7d450a9e4c29..ccd1c960372a 100644
--- a/include/uapi/linux/seccomp.h
+++ b/include/uapi/linux/seccomp.h
@@ -115,6 +115,14 @@ struct seccomp_notif_resp {
 
 /* valid flags for seccomp_notif_addfd */
 #define SECCOMP_ADDFD_FLAG_SETFD	(1UL << 0) /* Specify remote fd */
+/*
+ * Certain file descriptors are behave differently depending on the process
"do behave"?
+ * they are created in. Specifcally, sockets, and their interactions with the
+ * net_cls and net_prio cgroup v1 controllers. This "moves" the file descriptor
+ * so that it takes on the cgroup controller's configuration in the process
+ * that the file descriptor is being added to.
+ */
+#define SECCOMP_ADDFD_FLAG_MOVE		(1UL << 1)
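Review bot: the new UAPI comment above SECCOMP_ADDFD_FLAG_MOVE describes what the flag does but not what happens when it is clear, so a user reading seccomp.h cannot tell the default; since the commit message says this is opt-in, state in the comment that without the flag the added fd keeps the net_cls/net_prio settings of the process it was created in, unlike an fd passed with SCM_RIGHTS. The same comment carries two typos, "are behave" and "Specifcally", which should be fixed before the header ships as UAPI.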
I'm not happy about the name because "moving" has much more to do with
transferring ownership than what we are doing here. After a "move" the
fd shouldn't be valid anymore. But that might just be my thinking.

But why make this opt-in and not do it exactly like when you send around
fds and make this mandatory?