Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add sockopt::PeerPidfd (SO_PEERPIDFD) sockopt support to socket::sockopt #2620

Merged
merged 1 commit into from
Apr 11, 2025
Merged

Add sockopt::PeerPidfd (SO_PEERPIDFD) sockopt support to socket::sockopt #2620

merged 1 commit into from
Apr 11, 2025
+130 −0

Conversation

swick
Copy link
Contributor

@swick swick commented Mar 28, 2025
edited
Loading

What does this PR do

The existing PeerCredentials (SO_PEERCRED) sockopt provides the PID of the process connected to a socket, but PIDs are inherently racy, leading to confused deputy problems. The pidfd mechanism solves this by using a FD to refer to a process which the kernel can keep proper track of.

This patch implements Get/Set to be able to receive a FD from getsockopt and implements sockopt::PeerPidfd (SO_PEERPIDFD) returning an OwnedFd representing the process connected to the socket.

Checklist:

  • I have read CONTRIBUTING.md
  • I have written necessary tests and rustdoc comments
  • A change log has been added if this PR modifies nix's API

@swick swick force-pushed the wip/sopeerpidfd branch 7 times, most recently from 9d5c65e to 367019b Compare March 28, 2025 11:14
@swick
Add sockopt::PeerPidfd (SO_PEERPIDFD) sockopt support to socket::sockopt
a6ab252 
The existing PeerCredentials (SO_PEERCRED) sockopt provides the PID of
the process connected to a socket, but PIDs are inherently racy, leading
to confused deputy problems. The pidfd mechanism solves this by using a
FD to refer to a process which the kernel can keep proper track of.

This patch implements Get/Set<OwnedFd> to be able to receive a FD from
getsockopt and implements sockopt::PeerPidfd (SO_PEERPIDFD) returning an
OwnedFd representing the process connected to the socket.
@swick swick force-pushed the wip/sopeerpidfd branch from 367019b to a6ab252 Compare March 28, 2025 11:40
@swick swick mentioned this pull request Mar 31, 2025
Draft
@SteveLauC SteveLauC self-requested a review March 31, 2025 11:51
SteveLauC
SteveLauC approved these changes Apr 11, 2025
View reviewed changes
Copy link
Member

@SteveLauC SteveLauC left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

@SteveLauC SteveLauC added this pull request to the merge queue Apr 11, 2025
Merged via the queue into nix-rust:master with commit 684b79e Apr 11, 2025
40 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@SteveLauC SteveLauC SteveLauC approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@swick @SteveLauC