[RFC PATCH v1 0/6] proc: Add allowlist for procfs files

[Alexey Gladkov <legion@kernel.org>]

The patch expands subset= option. If the proc is mounted with the
subset=allowlist option, the /proc/allowlist file will appear. This file
contains the filenames and directories that are allowed for this
mountpoint. By default, /proc/allowlist contains only its own name.
Changing the allowlist is possible as long as it is present in the
allowlist itself.

This allowlist is applied in lookup/readdir so files that will create
modules after mounting will not be visible.

Compared to the previous patches [1][2], I switched to a special virtual
file from listing filenames in the mount options.

[1] https://lore.kernel.org/lkml/20200604200413.587896-1-gladkov.alexey@gmail.com/
[2] https://lore.kernel.org/lkml/YZvuN0Wqmn7XB4dX@localhost.localdomain/

Signed-off-by: Alexey Gladkov <legion@kernel.org>

---

Alexey Gladkov (6):
  proc: Fix separator for subset option
  proc: Add allowlist to control access to procfs files
  proc: Check that subset= option has been set
  proc: Allow to use the allowlist filter in userns
  proc: Validate incoming allowlist
  doc: proc: Add description of subset=allowlist

 Documentation/filesystems/proc.rst |  10 +
 fs/proc/Kconfig                    |  10 +
 fs/proc/Makefile                   |   1 +
 fs/proc/generic.c                  |  15 +-
 fs/proc/inode.c                    |  16 +-
 fs/proc/internal.h                 |  33 ++++
 fs/proc/proc_allowlist.c           | 300 +++++++++++++++++++++++++++++
 fs/proc/root.c                     |  36 +++-
 include/linux/proc_fs.h            |  18 +-
 9 files changed, 420 insertions(+), 19 deletions(-)
 create mode 100644 fs/proc/proc_allowlist.c

-- 
2.33.6