On Sun, Jan 04, 2026 at 09:05:09PM +0300, Vitaliy Makkoveev wrote: > On Sun, Jan 04, 2026 at 06:45:29PM +0100, Rafael Sadowski wrote: > > On Sun Jan 04, 2026 at 10:06:01AM -0700, Theo de Raadt wrote: > > > > alternatively for a port, we can patch to hardcode the path. > > > > > > I don't think that's the way to handle this. > > > > > > It is better to dynamically remember the path, in userland, when the > > > filename open succeeds. Just copy it at that point, in userland. > > > > Welcome to the world of Linux(tm) Wayland. > > > > That was also my case. In KWin, the class "ClientConnection::" uses > > wl_client_get_credentials() to find out what the client's path is (or > > was at the start) in order to restrictions the DBus communications > > from/to this client. > > > > https://wayland.freedesktop.org/docs/html/apc.html: > > wl_client_get_credentials - Return Unix credentials for the client. > > > > void wl_client_get_credentials(const struct wl_client *client, pid_t > > *pid, uid_t *uid, gid_t *gid) > > > > client > > The display object > > pid > > Returns the process ID > > uid > > Returns the user ID > > gid > > Returns the group ID > > > > This function returns the process ID, the user ID and the group ID > > for the given client. The credentials come from getsockopt() with > > SO_PEERCRED, on the client socket fd. All the pointers can be NULL, > > if the caller is not interested in a particular ID. > > > > Note, process IDs are subject to race conditions and are not a reliable > > way to identify a client. > > > > Be aware that for clients that a compositor forks and execs and then > > connects using socketpair(), this function will return the > > credentials for the compositor. The credentials for the socketpair > > are set at creation time in the compositor. > > > > This should be implemented in unix(4) sockets layer. >
I was about SCM_CREDS, the same as SO_PEERCRED but obtained through internalize/externalize path. As I understand, KERN_PROC_PATHNAME is the path of binary from which this process was created at exec*() time. No guarantees that this path is still valid. The only way to implement is to store that path within 'process' structure. But do we need to pollute kernel space with this useless data? Each process has `ps_comm' data, isn't it enough to you?
