Re: [PATCH v8 10/11] docs: proc: add documentation for "hidepid=4" and... | linux-api

[PATCH v8 00/11] proc: modernize proc to support multiple private instances · Alexey Gladkov <hidden> · 2020-02-10
[PATCH v8 02/11] proc: add proc_fs_info struct to store proc information · Alexey Gladkov <hidden> · 2020-02-10
[PATCH v8 03/11] proc: move /proc/{self|thread-self} dentries to proc_fs_info · Alexey Gladkov <hidden> · 2020-02-10
Re: [PATCH v8 03/11] proc: move /proc/{self|thread-self} dentries to proc_fs_info · Andy Lutomirski <luto@kernel.org> · 2020-02-10
Re: [PATCH v8 03/11] proc: move /proc/{self|thread-self} dentries to proc_fs_info · Alexey Gladkov <hidden> · 2020-02-12
[PATCH v8 07/11] proc: flush task dcache entries from all procfs instances · Alexey Gladkov <hidden> · 2020-02-10
Re: [PATCH v8 07/11] proc: flush task dcache entries from all procfs instances · Linus Torvalds <torvalds@linux-foundation.org> · 2020-02-10
Re: [PATCH v8 07/11] proc: flush task dcache entries from all procfs instances · Al Viro <viro@zeniv.linux.org.uk> · 2020-02-10
Re: [PATCH v8 07/11] proc: flush task dcache entries from all procfs instances · Al Viro <viro@zeniv.linux.org.uk> · 2020-02-11
Re: [PATCH v8 07/11] proc: flush task dcache entries from all procfs instances · Alexey Gladkov <hidden> · 2020-02-12
[PATCH v8 10/11] docs: proc: add documentation for "hidepid=4" and "subset=pidfs" options and new mount behavior · Alexey Gladkov <hidden> · 2020-02-10
Re: [PATCH v8 10/11] docs: proc: add documentation for "hidepid=4" and "subset=pidfs" options and new mount behavior · Andy Lutomirski <luto@kernel.org> · 2020-02-10
Re: [PATCH v8 10/11] docs: proc: add documentation for "hidepid=4" and "subset=pidfs" options and new mount behavior · Alexey Gladkov <hidden> · 2020-02-12
[PATCH v8 11/11] proc: Move hidepid values to uapi as they are user interface to mount · Alexey Gladkov <hidden> · 2020-02-10
[PATCH v8 09/11] proc: add option to mount only a pids subset · Alexey Gladkov <hidden> · 2020-02-10
[PATCH v8 08/11] proc: instantiate only pids that we can ptrace on 'hidepid=4' mount option · Alexey Gladkov <hidden> · 2020-02-10
Re: [PATCH v8 08/11] proc: instantiate only pids that we can ptrace on 'hidepid=4' mount option · Jordan Glover <hidden> · 2020-02-10
Re: [PATCH v8 08/11] proc: instantiate only pids that we can ptrace on 'hidepid=4' mount option · Alexey Gladkov <hidden> · 2020-02-12
[PATCH v8 05/11] proc: add helpers to set and get proc hidepid and gid mount options · Alexey Gladkov <hidden> · 2020-02-10
Re: [PATCH v8 05/11] proc: add helpers to set and get proc hidepid and gid mount options · Andy Lutomirski <luto@kernel.org> · 2020-02-10
Re: [PATCH v8 05/11] proc: add helpers to set and get proc hidepid and gid mount options · Alexey Gladkov <hidden> · 2020-02-12
[PATCH v8 06/11] proc: support mounting procfs instances inside same pid namespace · Alexey Gladkov <hidden> · 2020-02-10
[PATCH v8 04/11] proc: move hide_pid, pid_gid from pid_namespace to proc_fs_info · Alexey Gladkov <hidden> · 2020-02-10
[PATCH v8 01/11] proc: Rename struct proc_fs_info to proc_fs_opts · Alexey Gladkov <hidden> · 2020-02-10

Re: [PATCH v8 10/11] docs: proc: add documentation for "hidepid=4" and "subset=pidfs" options and new mount behavior

From: Andy Lutomirski <luto@kernel.org>
Date: 2020-02-10 18:29:39
Also in: linux-fsdevel, linux-security-module, lkml

On Mon, Feb 10, 2020 at 7:06 AM Alexey Gladkov [off-list ref] wrote:

quoted hunk ↗ jump to hunk

Signed-off-by: Alexey Gladkov <redacted>
---
 Documentation/filesystems/proc.txt | 53 ++++++++++++++++++++++++++++++
 1 file changed, 53 insertions(+)

diff --git a/Documentation/filesystems/proc.txt b/Documentation/filesystems/proc.txt
index 99ca040e3f90..4741fd092f36 100644
--- a/Documentation/filesystems/proc.txt
+++ b/Documentation/filesystems/proc.txt

@@ -50,6 +50,8 @@ Table of Contents
   4    Configuring procfs
   4.1  Mount options

+  5    Filesystem behavior
+
 ------------------------------------------------------------------------------
 Preface
 ------------------------------------------------------------------------------

@@ -2021,6 +2023,7 @@ The following mount options are supported:

        hidepid=        Set /proc/<pid>/ access mode.
        gid=            Set the group authorized to learn processes information.
+       subset=         Show only the specified subset of procfs.

 hidepid=0 means classic mode - everybody may access all /proc/<pid>/ directories
 (default).

@@ -2042,6 +2045,56 @@ information about running processes, whether some daemon runs with elevated
 privileges, whether other user runs some sensitive program, whether other users
 run any program at all, etc.

+hidepid=4 means that procfs should only contain /proc/<pid>/ directories
+that the caller can ptrace.

I have a couple of minor nits here.

First, perhaps we could stop using magic numbers and use words.
hidepid=ptraceable is actually comprehensible, whereas hidepid=4
requires looking up what '4' means.

Second, there is PTRACE_MODE_ATTACH and PTRACE_MODE_READ.  Which is it?

+
 gid= defines a group authorized to learn processes information otherwise
 prohibited by hidepid=.  If you use some daemon like identd which needs to learn
 information about processes information, just add identd to this group.

How is this better than just creating an entirely separate mount a
different hidepid and a different gid owning it?  In any event,
usually gid= means that this gid is the group owner of inodes.  Let's
call it something different.  gid_override_hidepid might be credible.
But it's also really weird -- do different groups really see different
contents when they read a directory?

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help