From: Alexey Dobriyan <adobriyan@gmail.com>
To: Alexey Gladkov <gladkov.alexey@gmail.com>
Cc: LKML <linux-kernel@vger.kernel.org>,
	Kernel Hardening <kernel-hardening@lists.openwall.com>,
	Linux API <linux-api@vger.kernel.org>,
	Linux FS Devel <linux-fsdevel@vger.kernel.org>,
	Linux Security Module <linux-security-module@vger.kernel.org>,
	Akinobu Mita <akinobu.mita@gmail.com>,
	Alexander Viro <viro@zeniv.linux.org.uk>,
	Andrew Morton <akpm@linux-foundation.org>,
	Andy Lutomirski <luto@kernel.org>,
	Daniel Micay <danielmicay@gmail.com>,
	Djalal Harouni <tixxdz@gmail.com>,
	"Dmitry V . Levin" <ldv@altlinux.org>,
	"Eric W . Biederman" <ebiederm@xmission.com>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	Ingo Molnar <mingo@kernel.org>,
	"J . Bruce Fields" <bfields@fieldses.org>,
	Jeff Layton <jlayton@poochiereds.net>,
	Jonathan Corbet <corbet@lwn.net>,
	Kees Cook <keescook@chromium.org>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	Oleg Nesterov <oleg@redhat.com>,
	Solar Designer <solar@openwall.com>,
	Stephen Rothwell <sfr@canb.auug.org.au>
Subject: Re: [PATCH v6 00/10] proc: modernize proc to support multiple private instances
Date: Mon, 6 Jan 2020 18:15:14 +0300	[thread overview]
Message-ID: <20200106151514.GA382@avx2> (raw)
In-Reply-To: <20191225125151.1950142-1-gladkov.alexey@gmail.com>

>  	hidepid=	Set /proc/<pid>/ access mode.
>  	gid=		Set the group authorized to learn processes information.
> +	pidonly=	Show only task related subset of procfs.
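Review bot: the new `pidonly=` line, unlike the `hidepid=` and `gid=` lines it sits beside, does not say which values the option accepts or what happens to the non-task part of the tree; state the accepted values and that the remaining entries become absent (the code below answers with -ENOENT), so an administrator can distinguish this from a permission denial.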

I'd rather have

	mount -t proc -o set=pid

so that it can be naturally extended to

	mount -t proc -o set=pid,sysctl,misc

> +static int proc_dir_open(struct inode *inode, struct file *file)
> +{
> +	struct proc_fs_info *fs_info = proc_sb_info(inode->i_sb);
> +
> +	if (proc_fs_pidonly(fs_info) == PROC_PIDONLY_ON)
> +		return -ENOENT;
> +
> +	return 0;
> +}
> +
>  /*
>   * These are the generic /proc directory operations. They
>   * use the in-memory "struct proc_dir_entry" tree to parse
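Review bot: proc_dir_open refuses with -ENOENT an inode the caller has already obtained through lookup, so either the lookup and readdir filtering already hides these directories and this callback never runs, or it does not and a pidonly mount still lets callers see (but not open) the entries; pick one enforcement point, and if this is kept as a defensive check, say so in a comment. The `file` parameter is also unused.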
> @@ -338,6 +357,7 @@ static const struct file_operations proc_dir_operations = {
>  	.llseek			= generic_file_llseek,
>  	.read			= generic_read_dir,
>  	.iterate_shared		= proc_readdir,
> +	.open			= proc_dir_open,
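Review bot: adding `.open = proc_dir_open` to the generic proc_dir_operations table enforces the pidonly policy for directories in two places, readdir via `.iterate_shared = proc_readdir` and open here; if the readdir/lookup filter is the authoritative one, drop this line rather than maintain both, and if it is not, document why the open-time gate is required.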

This should not be necessary: if lookup and readdir filters work
then ->open can't happen.

>  static int proc_reg_open(struct inode *inode, struct file *file)
>  {
> +	struct proc_fs_info *fs_info = proc_sb_info(inode->i_sb);
>  	struct proc_dir_entry *pde = PDE(inode);
>  	int rv = 0;
>  	typeof_member(struct file_operations, open) open;
>  	typeof_member(struct file_operations, release) release;
>  	struct pde_opener *pdeo;
>  
> +	if (proc_fs_pidonly(fs_info) == PROC_PIDONLY_ON)
> +		return -ENOENT;
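Review bot: the early `return -ENOENT` is placed ahead of the existing pde_opener bookkeeping, which is the right spot for a reject, but it has the same problem as the directory case: an inode that lookup already handed out is refused at open, and -ENOENT on an existing inode reads to userspace like a race with removal. If lookup filtering is authoritative, this block and the new `fs_info` local can go.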

Ditto. Can't open what can't be looked up.

> --- a/include/linux/proc_fs.h
> +++ b/include/linux/proc_fs.h
> +/* definitions for hide_pid field */
> +enum {
> +	HIDEPID_OFF	  = 0,
> +	HIDEPID_NO_ACCESS = 1,
> +	HIDEPID_INVISIBLE = 2,
> +	HIDEPID_NOT_PTRACABLE = 3, /* Limit pids to only ptracable pids */
> +};
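Review bot: the enum is anonymous and lives in include/linux/proc_fs.h although its values are exactly what userspace passes via `hidepid=`, so it belongs in a uapi header with a name (for example `enum proc_hidepid`) so the `hide_pid` field can carry a typed value; `HIDEPID_NOT_PTRACABLE` and its comment misspell "ptraceable", and the `= 0` on `HIDEPID_OFF` mixes tab and space alignment relative to the other entries.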

These should live in uapi/ as they _are_ user interface to mount().
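The `set=pid,sysctl,misc` form proposed in the reply is an argument about extensibility: a list of named subsets can grow without adding a new boolean option each time. The following is an added example, not code from the patch series or the kernel, showing how such a value would be parsed into a bitmask that a lookup/readdir filter can consult; the `PROC_SET_*` bits, the subset names and the function names are assumptions for illustration.

```c
/* Added example (not from the patch series or the kernel): parse the
 * extensible "set=pid,sysctl,misc" mount option form suggested in the reply.
 * PROC_SET_* bits, subset names and function names are illustrative. */
#include <stdio.h>
#include <string.h>

enum {
	PROC_SET_PID    = 1u << 0,   /* /proc/<pid>/, self, thread-self */
	PROC_SET_SYSCTL = 1u << 1,   /* /proc/sys */
	PROC_SET_MISC   = 1u << 2,   /* everything else under /proc */
	PROC_SET_ALL    = PROC_SET_PID | PROC_SET_SYSCTL | PROC_SET_MISC,
};

static const struct {
	const char *name;
	unsigned int bit;
} proc_set_names[] = {
	{ "pid",    PROC_SET_PID },
	{ "sysctl", PROC_SET_SYSCTL },
	{ "misc",   PROC_SET_MISC },
};

/* Parse the value of "set=" (e.g. "pid,sysctl,misc") into a bitmask.
 * Returns 0 and stores the mask on success, -1 on an empty list, an empty
 * element or an unknown name, so a typo cannot silently widen what the
 * mount exposes (fail closed). */
int proc_parse_set(const char *value, unsigned int *mask)
{
	unsigned int out = 0;
	const char *p = value;

	if (!value || !*value)
		return -1;

	for (;;) {
		const char *comma = strchr(p, ',');
		size_t len = comma ? (size_t)(comma - p) : strlen(p);
		size_t i;
		int found = 0;

		if (len == 0)
			return -1;
		for (i = 0; i < sizeof(proc_set_names) / sizeof(proc_set_names[0]); i++) {
			if (strlen(proc_set_names[i].name) == len &&
			    memcmp(proc_set_names[i].name, p, len) == 0) {
				out |= proc_set_names[i].bit;
				found = 1;
				break;
			}
		}
		if (!found)
			return -1;
		if (!comma)
			break;
		p = comma + 1;
		if (!*p)          /* trailing comma: "pid," is rejected too */
			return -1;
	}
	*mask = out;
	return 0;
}

/* Visibility decision a lookup/readdir filter would make: an entry of a
 * given class is shown only if its subset was requested on this mount.
 * Filtering here, rather than refusing at ->open, is the point the reply
 * makes: what cannot be looked up cannot be opened. */
int proc_entry_visible(unsigned int mask, unsigned int entry_class)
{
	return (mask & entry_class) != 0;
}

int main(void)
{
	/* Constructed sample option values. */
	const char *samples[] = { "pid", "pid,sysctl,misc", "pid,,misc", "pid,bogus", "pid," };
	unsigned int mask;
	size_t i;

	for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		if (proc_parse_set(samples[i], &mask) == 0)
			printf("set=%-16s -> mask 0x%x\n", samples[i], mask);
		else
			printf("set=%-16s -> rejected\n", samples[i]);
	}
	return 0;
}
```

The parser fails closed on any malformed list, which matters for a mount option that decides what a container or service can see: a rejected mount is visible to the operator, whereas a silently ignored element would widen exposure without anyone noticing.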

