From: Alejandro Colomar <alx@kernel.org>
To: Vivian Wang <wangruikang@iscas.ac.cn>
Cc: linux-man@vger.kernel.org, Michael Kerrisk <mtk.manpages@gmail.com>
Subject: [dramforever@live.com: [PATCH] man/man5/proc_pid.5: Clarify which user namespace affects permissions]
Date: Wed, 18 Mar 2026 01:56:19 +0100
Message-ID: <abn3rJaXlmU1Zr2i@devuan>

Hi Vivian,

Can you please confirm this is you?  I received this patch from an
address that doesn't match the one I see in your kernel commits, and
when I replied to <dramforever@live.com>, the message bounced.  I'm just
checking.  See patch from the @live.com address below.

Have a lovely night!
Alex

----- Forwarded message from Vivian Wang <dramforever@live.com> -----
Date: Mon, 16 Mar 2026 22:07:52 +0800
From: Vivian Wang <dramforever@live.com>
To: Alejandro Colomar <alx@kernel.org>
Cc: linux-man@vger.kernel.org, Michael Kerrisk <mtk.manpages@gmail.com>
Subject: [PATCH] man/man5/proc_pid.5: Clarify which user namespace affects
permissions
Message-ID: <OSCPR01MB134682A1A80B8C9FB71CBA64DC640A@OSCPR01MB13468.jpnprd01.prod.outlook.com>
User-Agent: Mozilla Thunderbird

A more careful reading of fs/proc/base.c (since v4.11, as of v7.0-rc1)
reveals that it is not task->cred->user_ns that is checked, but
task->mm->user_ns, which is set during execve(2) (and copied over in
fork(2) and so on) [1], and is the correct user namespace to check for
ptrace-related purposes. Clarify the relevant text.

[1]: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bfedb589252c01fa505ac9f6f2a3d5d68d707ef4

Fixes: ae636827 ("proc.5: Fix description of /proc/PID/* ownership to account for user namespaces")
Signed-off-by: Vivian Wang <dramforever@live.com>
---
man/man5/proc_pid.5 | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/man/man5/proc_pid.5 b/man/man5/proc_pid.5
index eac97fa1d..2fe35bd09 100644
--- a/man/man5/proc_pid.5
+++ b/man/man5/proc_pid.5
@@ -30,7 +30,9 @@ Before Linux 4.11,
meant the "global" root user ID and group ID
(i.e., UID 0 and GID 0 in the initial user namespace).
Since Linux 4.11,
-if the process is in a noninitial user namespace that has a
+if when the last time the process called
+.BR execve (2),
+it was in a noninitial user namespace that has a
valid mapping for user (group) ID 0 inside the namespace, then
the user (group) ownership of the files under
.IR /proc/ pid
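Review bot: The added wording "if when the last time the process called execve(2), it was in" is ungrammatical ("if when") and hard to parse on first reading. Something like "if, at the time of its most recent execve(2), the process was in a noninitial user namespace that has a" would read cleanly while keeping the same condition. The commit message also says mm->user_ns is "copied over in fork(2) and so on", so a child that has not itself called execve(2) takes the value from its parent; the new text mentions only execve(2) and leaves that case unclear, so it would help to state the inheritance explicitly or phrase the condition in terms of the namespace recorded at the last execve(2) of the process or its ancestor.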
--
2.53.0
----- End forwarded message -----
--
<https://www.alejandro-colomar.es>