polkitd: use PIDFDs if available to track processes

PIDs can be recycled, so when possible it is best to try and use PIDFDs, which are pinned. Change polkitd's unixprocess class so that, if the PIDFD syscall is available, it does not store a PID but only the PIDFD, and gets the PID when required on the fly (which will intentionally fail if the process has disappeared, so that we avoid recycling races). In the future we will be able to get the PIDFD directly from D-Bus' GetConnectionCredentials() call, but for now get the FD from the PID. It does not completely close the window, but makes things significantly better already.
polkit-org · Aug 17, 2023 · 7f0d792 · 7f0d792
1 parent 1d1cdb3
commit 7f0d792
Show file tree

Hide file tree

Showing 7 changed files with 386 additions and 45 deletions.
diff --git a/meson.build b/meson.build
@@ -206,6 +206,8 @@ if enable_logind
 
   func = 'sd_uid_get_display'
   config_h.set10('HAVE_' + func.to_upper(), cc.has_function(func, dependencies: logind_dep))
+  func = 'sd_pidfd_get_session'
+  config_h.set10('HAVE_' + func.to_upper(), cc.has_function(func, dependencies: logind_dep))
 
   # systemd unit / service files
   systemd_systemdsystemunitdir = get_option('systemdsystemunitdir')
@@ -217,6 +219,8 @@ if enable_logind
 endif
 config_h.set('HAVE_LIBSYSTEMD', enable_logind)
 
+config_h.set('HAVE_PIDFD_OPEN', cc.get_define('SYS_pidfd_open', prefix: '#include <sys/syscall.h>') != '')
+
 # User for running polkitd
 polkitd_user = get_option('polkitd_user')
 config_h.set_quoted('POLKITD_USER', polkitd_user)