RE: https://mastodon.social/@brauner/116071424787849407
I took it one step further and implemented both CLONE_AUTOREAP (now for non-pidfd as well) and CLONE_PIDFD_AUTOKILL (requires no new privileges for the child now):
https://patch.msgid.link/20260223-work-pidfs-autoreap-v4-0-e393c08c09d1@kernel.org