[$] As ye clone(), so shall ye AUTOREAP
The facilities provided by the kernel for the management of processes have evolved considerably in the last few years, driven mostly by the advent of the pidfd API. A pidfd is a file descriptor that refers to a process; unlike a process ID, a pidfd is an unambiguous handle for a process; that makes it a safer, more deterministic way of operating on processes. Christian Brauner, who has driven much of the pidfd-related work, is proposing two new flags for the clone3() system call, one of which changes the kernel's security model in a somewhat controversial way.