diff --git a/TODO b/TODO
index 252d25afd6..4f77391f62 100644
--- a/TODO
+++ b/TODO
@@ -128,9 +128,6 @@ Features:
also raises the question whether such sessions shall be considered active or
not
-* Add PassPidFileDescriptor= similar in style to PassCredentials= to .socket
- units
-
* automatically reset specific EFI vars on factory reset (make this generic
enough so that infrac can be used to erase shim's mok vars?)
diff --git a/man/org.freedesktop.systemd1.xml b/man/org.freedesktop.systemd1.xml
index fd7bbab513..814400ad43 100644
--- a/man/org.freedesktop.systemd1.xml
+++ b/man/org.freedesktop.systemd1.xml
@@ -4907,6 +4907,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b PassCredentials = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
+ readonly b PassPIDFD = ...;
+ @org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b PassSecurity = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b PassPacketInfo = ...;
@@ -5576,6 +5578,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {
+
+
@@ -6178,6 +6182,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {
+
+
@@ -12092,6 +12098,7 @@ $ gdbus introspect --system --dest org.freedesktop.systemd1 \
ProtectControlGroupsEx, and
PrivatePIDs were added in version 257.
ProtectHostnameEx,
+ PassPIDFD,
DelegateNamespaces, and
RemoveSubgroup() were added in version 258.
diff --git a/man/systemd.socket.xml b/man/systemd.socket.xml
index b2779e84a2..b43f8e685b 100644
--- a/man/systemd.socket.xml
+++ b/man/systemd.socket.xml
@@ -742,6 +742,16 @@
process in an ancillary message. Defaults to .
+
+ PassPIDFD=
+
+ Takes a boolean value. This controls the SO_PASSPIDFD socket
+ option, which allows AF_UNIX sockets to receive the pidfd of the sending
+ process in an ancillary message. Defaults to .
+
+
+
+
PassSecurity=
Takes a boolean value. This controls the SO_PASSSEC socket
diff --git a/src/core/dbus-socket.c b/src/core/dbus-socket.c
index aeb6ae5fe1..b07b3c93c5 100644
--- a/src/core/dbus-socket.c
+++ b/src/core/dbus-socket.c
@@ -86,6 +86,7 @@ const sd_bus_vtable bus_socket_vtable[] = {
SD_BUS_PROPERTY("Transparent", "b", bus_property_get_bool, offsetof(Socket, transparent), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("Broadcast", "b", bus_property_get_bool, offsetof(Socket, broadcast), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("PassCredentials", "b", bus_property_get_bool, offsetof(Socket, pass_cred), SD_BUS_VTABLE_PROPERTY_CONST),
+ SD_BUS_PROPERTY("PassPIDFD", "b", bus_property_get_bool, offsetof(Socket, pass_pidfd), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("PassSecurity", "b", bus_property_get_bool, offsetof(Socket, pass_sec), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("PassPacketInfo", "b", bus_property_get_bool, offsetof(Socket, pass_pktinfo), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("Timestamping", "s", property_get_timestamping, offsetof(Socket, timestamping), SD_BUS_VTABLE_PROPERTY_CONST),
@@ -191,6 +192,9 @@ static int bus_socket_set_transient_property(
if (streq(name, "PassCredentials"))
return bus_set_transient_bool(u, name, &s->pass_cred, message, flags, error);
+ if (streq(name, "PassPIDFD"))
+ return bus_set_transient_bool(u, name, &s->pass_pidfd, message, flags, error);
+
if (streq(name, "PassSecurity"))
return bus_set_transient_bool(u, name, &s->pass_sec, message, flags, error);
diff --git a/src/core/load-fragment-gperf.gperf.in b/src/core/load-fragment-gperf.gperf.in
index 2330bc0f4c..e3c2333731 100644
--- a/src/core/load-fragment-gperf.gperf.in
+++ b/src/core/load-fragment-gperf.gperf.in
@@ -510,6 +510,7 @@ Socket.FreeBind, config_parse_bool,
Socket.Transparent, config_parse_bool, 0, offsetof(Socket, transparent)
Socket.Broadcast, config_parse_bool, 0, offsetof(Socket, broadcast)
Socket.PassCredentials, config_parse_bool, 0, offsetof(Socket, pass_cred)
+Socket.PassPIDFD, config_parse_bool, 0, offsetof(Socket, pass_pidfd)
Socket.PassSecurity, config_parse_bool, 0, offsetof(Socket, pass_sec)
Socket.PassPacketInfo, config_parse_bool, 0, offsetof(Socket, pass_pktinfo)
Socket.Timestamping, config_parse_socket_timestamping, 0, offsetof(Socket, timestamping)
diff --git a/src/core/socket.c b/src/core/socket.c
index 0b7228a86c..6d69d6cb42 100644
--- a/src/core/socket.c
+++ b/src/core/socket.c
@@ -610,6 +610,7 @@ static void socket_dump(Unit *u, FILE *f, const char *prefix) {
"%sTransparent: %s\n"
"%sBroadcast: %s\n"
"%sPassCredentials: %s\n"
+ "%sPassPIDFD: %s\n"
"%sPassSecurity: %s\n"
"%sPassPacketInfo: %s\n"
"%sTCPCongestion: %s\n"
@@ -631,6 +632,7 @@ static void socket_dump(Unit *u, FILE *f, const char *prefix) {
prefix, yes_no(s->transparent),
prefix, yes_no(s->broadcast),
prefix, yes_no(s->pass_cred),
+ prefix, yes_no(s->pass_pidfd),
prefix, yes_no(s->pass_sec),
prefix, yes_no(s->pass_pktinfo),
prefix, strna(s->tcp_congestion),
@@ -1076,6 +1078,13 @@ static void socket_apply_socket_options(Socket *s, SocketPort *p, int fd) {
log_socket_option_warning_errno(s, r, SO_PASSCRED);
}
+ if (s->pass_pidfd) {
+ r = setsockopt_int(fd, SOL_SOCKET, SO_PASSPIDFD, true);
+ if (r < 0)
+ log_unit_full_errno(UNIT(s), ERRNO_IS_NEG_NOT_SUPPORTED(r) ? LOG_DEBUG : LOG_WARNING, r,
+ SOCKET_OPTION_WARNING_FORMAT_STR, "SO_PASSPIDFD");
+ }
+
if (s->pass_sec) {
r = setsockopt_int(fd, SOL_SOCKET, SO_PASSSEC, true);
if (r < 0)
diff --git a/src/core/socket.h b/src/core/socket.h
index f85448c484..99fcc0cbe6 100644
--- a/src/core/socket.h
+++ b/src/core/socket.h
@@ -131,6 +131,7 @@ typedef struct Socket {
bool transparent;
bool broadcast;
bool pass_cred;
+ bool pass_pidfd;
bool pass_sec;
bool pass_pktinfo;
SocketTimestamping timestamping;
diff --git a/src/shared/bus-unit-util.c b/src/shared/bus-unit-util.c
index d18a9088d4..aebeaa15ce 100644
--- a/src/shared/bus-unit-util.c
+++ b/src/shared/bus-unit-util.c
@@ -2583,6 +2583,7 @@ static int bus_append_socket_property(sd_bus_message *m, const char *field, cons
"Transparent",
"Broadcast",
"PassCredentials",
+ "PassPIDFD",
"PassSecurity",
"PassPacketInfo",
"ReusePort",