A new filesystem for pidfds (2024)
6 points by runxiyu
6 points by runxiyu
Chortle:
one of the advantages of the new filesystem is that it exposed pidfd operations to security modules, which is something that the policy maintainers had requested. The downside is that it exposed those operations to security modules, one of which promptly set about denying them.
Oh, I know this one! It's a copy of FreeBSD's process descriptors, which are inspired by Mach task handles.
For quite a while I thought that holding on to the pidfd makes the underlying PID not recycle. I appear to be wrong, and it does appear that /proc/pidfd_getpid(pidfd) is racy.