Sebastian WickMay 24

Hey peanut gallery! systemd-appd explained in a few sentences: https://blog.sebastianwick.net/posts/so-peerpidfd-gets-more-useful/

I will not take questions.

SO_PEERPIDFD Gets More Useful

A while ago I wrote about the limited usefulness of SO_PEERPIDFD. for authenticating sandboxed applications. The core problem was simple: while pidfds gave us a race-free way to identify a process, we still had no standardized way to figure out what that process actually was - which sandbox it ran in, what application it represented, or what permissions it should have. The situation has improved considerably since then. cgroup xattrs Cgroups now support user extended attributes. This feature allows arbitrary metadata to be attached to cgroup inodes using standard xattr calls.

swick's blog
Show threadScorpion8741
@swick This is confusing. The blog post does not even mention the name systemd-appd. But it mentions that the method does not depend on systemd, nevertheless you name it systemd-appd. Is there some repo where we can have a look at it?
May 25 at 9:48amWeb