From: Mike Yuan <me@yhndnzj.com>
Date: Tue, 10 Jun 2025 09:27:44 +0000 (+0200)
Subject: core/socket: add PassPIDFD=
X-Git-Tag: v258-rc1~301^2~8
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=35462aa14a425e12a839b24abb1db2d27835b4c6;p=thirdparty%2Fsystemd.git

core/socket: add PassPIDFD=
---

diff --git a/TODO b/TODO
index 252d25afd6a..4f77391f62d 100644
--- a/TODO
+++ b/TODO
@@ -128,9 +128,6 @@ Features:
   also raises the question whether such sessions shall be considered active or
   not
 
-* Add PassPidFileDescriptor= similar in style to PassCredentials= to .socket
-  units
-
 * automatically reset specific EFI vars on factory reset (make this generic
   enough so that infrac can be used to erase shim's mok vars?)
 
diff --git a/man/org.freedesktop.systemd1.xml b/man/org.freedesktop.systemd1.xml
index fd7bbab513c..814400ad43e 100644
--- a/man/org.freedesktop.systemd1.xml
+++ b/man/org.freedesktop.systemd1.xml
@@ -4907,6 +4907,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {
       @org.freedesktop.DBus.Property.EmitsChangedSignal("const")
       readonly b PassCredentials = ...;
       @org.freedesktop.DBus.Property.EmitsChangedSignal("const")
+      readonly b PassPIDFD = ...;
+      @org.freedesktop.DBus.Property.EmitsChangedSignal("const")
       readonly b PassSecurity = ...;
       @org.freedesktop.DBus.Property.EmitsChangedSignal("const")
       readonly b PassPacketInfo = ...;
@@ -5576,6 +5578,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {
 
     <!--property PassCredentials is not documented!-->
 
+    <!--property PassPIDFD is not documented!-->
+
     <!--property PassSecurity is not documented!-->
 
     <!--property PassPacketInfo is not documented!-->
@@ -6178,6 +6182,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {
 
     <variablelist class="dbus-property" generated="True" extra-ref="PassCredentials"/>
 
+    <variablelist class="dbus-property" generated="True" extra-ref="PassPIDFD"/>
+
     <variablelist class="dbus-property" generated="True" extra-ref="PassSecurity"/>
 
     <variablelist class="dbus-property" generated="True" extra-ref="PassPacketInfo"/>
@@ -12092,6 +12098,7 @@ $ gdbus introspect --system --dest org.freedesktop.systemd1 \
       <varname>ProtectControlGroupsEx</varname>, and
       <varname>PrivatePIDs</varname> were added in version 257.</para>
       <para><varname>ProtectHostnameEx</varname>,
+      <varname>PassPIDFD</varname>,
       <varname>DelegateNamespaces</varname>, and
       <function>RemoveSubgroup()</function> were added in version 258.</para>
     </refsect2>
diff --git a/man/systemd.socket.xml b/man/systemd.socket.xml
index b2779e84a2f..b43f8e685bf 100644
--- a/man/systemd.socket.xml
+++ b/man/systemd.socket.xml
@@ -742,6 +742,16 @@
         process in an ancillary message. Defaults to <option>false</option>.</para></listitem>
       </varlistentry>
 
+      <varlistentry>
+        <term><varname>PassPIDFD=</varname></term>
+
+        <listitem><para>Takes a boolean value. This controls the <constant>SO_PASSPIDFD</constant> socket
+        option, which allows <constant>AF_UNIX</constant> sockets to receive the pidfd of the sending
+        process in an ancillary message. Defaults to <option>false</option>.</para>
+
+        <xi:include href="version-info.xml" xpointer="v258"/></listitem>
+      </varlistentry>
+
       <varlistentry>
         <term><varname>PassSecurity=</varname></term>
         <listitem><para>Takes a boolean value. This controls the <constant>SO_PASSSEC</constant> socket
diff --git a/src/core/dbus-socket.c b/src/core/dbus-socket.c
index aeb6ae5fe11..b07b3c93c53 100644
--- a/src/core/dbus-socket.c
+++ b/src/core/dbus-socket.c
@@ -86,6 +86,7 @@ const sd_bus_vtable bus_socket_vtable[] = {
         SD_BUS_PROPERTY("Transparent", "b", bus_property_get_bool, offsetof(Socket, transparent), SD_BUS_VTABLE_PROPERTY_CONST),
         SD_BUS_PROPERTY("Broadcast", "b", bus_property_get_bool, offsetof(Socket, broadcast), SD_BUS_VTABLE_PROPERTY_CONST),
         SD_BUS_PROPERTY("PassCredentials", "b", bus_property_get_bool, offsetof(Socket, pass_cred), SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_PROPERTY("PassPIDFD", "b", bus_property_get_bool, offsetof(Socket, pass_pidfd), SD_BUS_VTABLE_PROPERTY_CONST),
         SD_BUS_PROPERTY("PassSecurity", "b", bus_property_get_bool, offsetof(Socket, pass_sec), SD_BUS_VTABLE_PROPERTY_CONST),
         SD_BUS_PROPERTY("PassPacketInfo", "b", bus_property_get_bool, offsetof(Socket, pass_pktinfo), SD_BUS_VTABLE_PROPERTY_CONST),
         SD_BUS_PROPERTY("Timestamping", "s", property_get_timestamping, offsetof(Socket, timestamping), SD_BUS_VTABLE_PROPERTY_CONST),
@@ -191,6 +192,9 @@ static int bus_socket_set_transient_property(
         if (streq(name, "PassCredentials"))
                 return bus_set_transient_bool(u, name, &s->pass_cred, message, flags, error);
 
+        if (streq(name, "PassPIDFD"))
+                return bus_set_transient_bool(u, name, &s->pass_pidfd, message, flags, error);
+
         if (streq(name, "PassSecurity"))
                 return bus_set_transient_bool(u, name, &s->pass_sec, message, flags, error);
 
diff --git a/src/core/load-fragment-gperf.gperf.in b/src/core/load-fragment-gperf.gperf.in
index 2330bc0f4cf..e3c23337319 100644
--- a/src/core/load-fragment-gperf.gperf.in
+++ b/src/core/load-fragment-gperf.gperf.in
@@ -510,6 +510,7 @@ Socket.FreeBind,                              config_parse_bool,
 Socket.Transparent,                           config_parse_bool,                                  0,                                  offsetof(Socket, transparent)
 Socket.Broadcast,                             config_parse_bool,                                  0,                                  offsetof(Socket, broadcast)
 Socket.PassCredentials,                       config_parse_bool,                                  0,                                  offsetof(Socket, pass_cred)
+Socket.PassPIDFD,                             config_parse_bool,                                  0,                                  offsetof(Socket, pass_pidfd)
 Socket.PassSecurity,                          config_parse_bool,                                  0,                                  offsetof(Socket, pass_sec)
 Socket.PassPacketInfo,                        config_parse_bool,                                  0,                                  offsetof(Socket, pass_pktinfo)
 Socket.Timestamping,                          config_parse_socket_timestamping,                   0,                                  offsetof(Socket, timestamping)
diff --git a/src/core/socket.c b/src/core/socket.c
index 0b7228a86cd..6d69d6cb425 100644
--- a/src/core/socket.c
+++ b/src/core/socket.c
@@ -610,6 +610,7 @@ static void socket_dump(Unit *u, FILE *f, const char *prefix) {
                 "%sTransparent: %s\n"
                 "%sBroadcast: %s\n"
                 "%sPassCredentials: %s\n"
+                "%sPassPIDFD: %s\n"
                 "%sPassSecurity: %s\n"
                 "%sPassPacketInfo: %s\n"
                 "%sTCPCongestion: %s\n"
@@ -631,6 +632,7 @@ static void socket_dump(Unit *u, FILE *f, const char *prefix) {
                 prefix, yes_no(s->transparent),
                 prefix, yes_no(s->broadcast),
                 prefix, yes_no(s->pass_cred),
+                prefix, yes_no(s->pass_pidfd),
                 prefix, yes_no(s->pass_sec),
                 prefix, yes_no(s->pass_pktinfo),
                 prefix, strna(s->tcp_congestion),
@@ -1076,6 +1078,13 @@ static void socket_apply_socket_options(Socket *s, SocketPort *p, int fd) {
                         log_socket_option_warning_errno(s, r, SO_PASSCRED);
         }
 
+        if (s->pass_pidfd) {
+                r = setsockopt_int(fd, SOL_SOCKET, SO_PASSPIDFD, true);
+                if (r < 0)
+                        log_unit_full_errno(UNIT(s), ERRNO_IS_NEG_NOT_SUPPORTED(r) ? LOG_DEBUG : LOG_WARNING, r,
+                                            SOCKET_OPTION_WARNING_FORMAT_STR, "SO_PASSPIDFD");
+        }
+
         if (s->pass_sec) {
                 r = setsockopt_int(fd, SOL_SOCKET, SO_PASSSEC, true);
                 if (r < 0)
diff --git a/src/core/socket.h b/src/core/socket.h
index f85448c4840..99fcc0cbe65 100644
--- a/src/core/socket.h
+++ b/src/core/socket.h
@@ -131,6 +131,7 @@ typedef struct Socket {
         bool transparent;
         bool broadcast;
         bool pass_cred;
+        bool pass_pidfd;
         bool pass_sec;
         bool pass_pktinfo;
         SocketTimestamping timestamping;
diff --git a/src/shared/bus-unit-util.c b/src/shared/bus-unit-util.c
index d18a9088d4d..aebeaa15ced 100644
--- a/src/shared/bus-unit-util.c
+++ b/src/shared/bus-unit-util.c
@@ -2583,6 +2583,7 @@ static int bus_append_socket_property(sd_bus_message *m, const char *field, cons
                               "Transparent",
                               "Broadcast",
                               "PassCredentials",
+                              "PassPIDFD",
                               "PassSecurity",
                               "PassPacketInfo",
                               "ReusePort",