Re: [PATCH RFC 1/4] proc: add proc_fs_info struct to store proc options

[PATCH RFC 0/4] proc: support multiple separate proc instances per pidnamespace · Djalal Harouni <hidden> · 2017-03-30
[PATCH RFC 3/4] proc: support mounting new procfs instances inside same pid namespace · Djalal Harouni <hidden> · 2017-03-30
Re: [PATCH RFC 3/4] proc: support mounting new procfs instances inside same pid namespace · Andy Lutomirski <luto@amacapital.net> · 2017-03-30
[PATCH RFC 4/4] proc: support flushing dcache entries of a task on multiple procfs mounts · Djalal Harouni <hidden> · 2017-03-30
[PATCH RFC 2/4] proc: add helpers to set/get hidepid and gid mount options · Djalal Harouni <hidden> · 2017-03-30
[PATCH RFC 1/4] proc: add proc_fs_info struct to store proc options · Djalal Harouni <hidden> · 2017-03-30
Re: [PATCH RFC 1/4] proc: add proc_fs_info struct to store proc options · Andy Lutomirski <luto@amacapital.net> · 2017-03-30
Re: [PATCH RFC 1/4] proc: add proc_fs_info struct to store proc options · Djalal Harouni <hidden> · 2017-03-31
Re: [PATCH RFC 0/4] proc: support multiple separate proc instances per pidnamespace · Andy Lutomirski <luto@amacapital.net> · 2017-03-30
Re: [PATCH RFC 0/4] proc: support multiple separate proc instances per pidnamespace · Djalal Harouni <hidden> · 2017-03-31
Re: [PATCH RFC 0/4] proc: support multiple separate proc instances per pidnamespace · Alexey Gladkov <hidden> · 2017-03-30
Re: [PATCH RFC 0/4] proc: support multiple separate proc instances per pidnamespace · Djalal Harouni <hidden> · 2017-03-31

From: Andy Lutomirski <hidden>
Date: 2017-03-30 19:11:10
Also in: linux-security-module, lkml

On Thu, Mar 30, 2017 at 8:22 AM, Djalal Harouni [off-list ref] wrote:

This is a preparation patch that adds a proc_fs_info to be able to store
different procfs options. Right now some mount options are stored inside
the pid namespace which make multiple proc share the same mount options.
This patch will help also to fix this.

Signed-off-by: Djalal Harouni <redacted>

 static struct dentry *proc_mount(struct file_system_type *fs_type,
        int flags, const char *dev_name, void *data)
 {
+       int error;
+       struct super_block *sb;
        struct pid_namespace *ns;
+       struct proc_fs_info *fs_info;
+
+       if (!(flags & MS_KERNMOUNT) && !ns_capable(current_user_ns(), CAP_SYS_ADMIN))
+               return ERR_PTR(-EPERM);

Why is this check needed?

quoted hunk ↗ jump to hunk

diff --git a/include/linux/proc_fs.h b/include/linux/proc_fs.h
index 2d2bf59..e1cb9c3 100644
--- a/include/linux/proc_fs.h
+++ b/include/linux/proc_fs.h

@@ -6,11 +6,27 @@

 #include <linux/types.h>
 #include <linux/fs.h>
+#include <linux/refcount.h>
+
+enum {
+       PROC_FS_V1      = 1,
+       PROC_FS_V2      = 2,
+};
+
+struct proc_fs_info {
+       refcount_t users;
+       struct pid_namespace *pid_ns;
+       kgid_t pid_gid;
+       int hide_pid;
+       int version;
+};

What is version?

Should this patch have just users and pid_ns and move the other stuff
to patch 2?

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help