Message ID | 20230316131526.283569-1-aleksandr.mikhalitsyn@canonical.com (mailing list archive) |
---|---|
Series | Add SCM_PIDFD and SO_PEERPIDFD |
On Thu, 2023-03-16 at 14:15 +0100, Alexander Mikhalitsyn wrote:
> 1. Implement SCM_PIDFD, a new type of CMSG type analogical to SCM_CREDENTIALS,
> but it contains pidfd instead of plain pid, which allows programmers not
> to care about PID reuse problem.
>
> 2. Add SO_PEERPIDFD which allows to get pidfd of peer socket holder pidfd.
> This thing is direct analog of SO_PEERCRED which allows to get plain PID.
>
> 3. Add SCM_PIDFD / SO_PEERPIDFD kselftest
>
> Idea comes from UAPI kernel group:
> https://uapi-group.org/kernel-features/
>
> Big thanks to Christian Brauner and Lennart Poettering for productive
> discussions about this.
>
> Cc: "David S. Miller" <davem@davemloft.net>
> Cc: Eric Dumazet <edumazet@google.com>
> Cc: Jakub Kicinski <kuba@kernel.org>
> Cc: Paolo Abeni <pabeni@redhat.com>
> Cc: Leon Romanovsky <leon@kernel.org>
> Cc: David Ahern <dsahern@kernel.org>
> Cc: Arnd Bergmann <arnd@arndb.de>
> Cc: Kees Cook <keescook@chromium.org>
> Cc: Christian Brauner <brauner@kernel.org>
>
> Alexander Mikhalitsyn (3):
>   scm: add SO_PASSPIDFD and SCM_PIDFD
>   net: core: add getsockopt SO_PEERPIDFD
>   selftests: net: add SCM_PIDFD / SO_PEERPIDFD test

I've implemented support for this in dbus-daemon:

https://gitlab.freedesktop.org/dbus/dbus/-/merge_requests/398

It's working very well. I am also working on the dbus-broker and polkit
side of things, will share the links here once they are in a reviewable
state. But the dbus-daemon implementation is enough to meaningfully
test this.

For the series:

Tested-by: Luca Boccassi <bluca@debian.org>

On Mon, 20 Mar 2023 at 14:35, Luca Boccassi <bluca@debian.org> wrote:
>
> On Thu, 2023-03-16 at 14:15 +0100, Alexander Mikhalitsyn wrote:
> > 1. Implement SCM_PIDFD, a new type of CMSG type analogical to SCM_CREDENTIALS,
> > but it contains pidfd instead of plain pid, which allows programmers not
> > to care about PID reuse problem.
> >
> > 2. Add SO_PEERPIDFD which allows to get pidfd of peer socket holder pidfd.
> > This thing is direct analog of SO_PEERCRED which allows to get plain PID.
> >
> > 3. Add SCM_PIDFD / SO_PEERPIDFD kselftest
> >
> > Idea comes from UAPI kernel group:
> > https://uapi-group.org/kernel-features/
> >
> > Big thanks to Christian Brauner and Lennart Poettering for productive
> > discussions about this.
> >
> > Cc: "David S. Miller" <davem@davemloft.net>
> > Cc: Eric Dumazet <edumazet@google.com>
> > Cc: Jakub Kicinski <kuba@kernel.org>
> > Cc: Paolo Abeni <pabeni@redhat.com>
> > Cc: Leon Romanovsky <leon@kernel.org>
> > Cc: David Ahern <dsahern@kernel.org>
> > Cc: Arnd Bergmann <arnd@arndb.de>
> > Cc: Kees Cook <keescook@chromium.org>
> > Cc: Christian Brauner <brauner@kernel.org>
> >
> > Alexander Mikhalitsyn (3):
> >   scm: add SO_PASSPIDFD and SCM_PIDFD
> >   net: core: add getsockopt SO_PEERPIDFD
> >   selftests: net: add SCM_PIDFD / SO_PEERPIDFD test
>
> I've implemented support for this in dbus-daemon:
>
> https://gitlab.freedesktop.org/dbus/dbus/-/merge_requests/398
>
> It's working very well. I am also working on the dbus-broker and polkit
> side of things, will share the links here once they are in a reviewable
> state. But the dbus-daemon implementation is enough to meaningfully
> test this.
>
> For the series:
>
> Tested-by: Luca Boccassi <bluca@debian.org>

Polkit changes:

https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/154
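
The SO_PEERPIDFD interface described in the cover letter, as an added example that is not part of this thread, the patch series, or the dbus/polkit merge requests: a service fetches a pidfd for its socket peer and uses that handle, rather than a recyclable PID number, to check whether the peer is still running. Assumptions: the numeric value 77 for `SO_PEERPIDFD` (the asm-generic number in mainline headers, not given in the thread), and the helper names `peer_pidfd`, `peer_exited` and `pidfd_to_pid`, which are hypothetical.

```c
#include <errno.h>
#include <poll.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>
/* Assumption: asm-generic number from mainline headers, not stated in the thread. */
#ifndef SO_PEERPIDFD
#define SO_PEERPIDFD 77
#endif

/* pidfd of the peer: bound to that process, so PID reuse cannot redirect it.
 * Returns the fd, or -errno (-ENOPROTOOPT on kernels without the option). */
int peer_pidfd(int sock)
{
    int pidfd = -1;
    socklen_t len = sizeof(pidfd);
    if (getsockopt(sock, SOL_SOCKET, SO_PEERPIDFD, &pidfd, &len) < 0)
        return -errno;
    return pidfd;
}

/* A pidfd polls readable once its process exits: 1 exited, 0 alive, -1 error. */
int peer_exited(int pidfd)
{
    return poll(&(struct pollfd){ .fd = pidfd, .events = POLLIN }, 1, 0);
}

/* PID behind a pidfd, for logging only: "Pid:" in /proc/self/fdinfo/<fd>. */
int pidfd_to_pid(int pidfd)
{
    char path[64], line[128];
    int pid = -1;
    snprintf(path, sizeof(path), "/proc/self/fdinfo/%d", pidfd);
    FILE *f = fopen(path, "r");
    if (!f) return -1;
    while (fgets(line, sizeof(line), f))
        if (sscanf(line, "Pid: %d", &pid) == 1) break;
    fclose(f);
    return pid;
}

int main(void)
{
    int sv[2], pfd;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return 1;
    pfd = peer_pidfd(sv[0]); /* socketpair: the peer is this process itself */
    if (pfd < 0) printf("SO_PEERPIDFD unavailable (%d)\n", pfd);
    else printf("peer pid %d (self %d), exited %d\n",
                pidfd_to_pid(pfd), (int)getpid(), peer_exited(pfd));
    return 0;
}
```

Authorization decisions should be made against the pidfd itself; the PID read back from fdinfo is only suitable for log messages.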