Re: [PATCH v10 7/9] proc: move hidepid values to uapi as they are user... | linux-api

[PATCH v10 0/9] proc: modernize proc to support multiple private instances · Alexey Gladkov <hidden> · 2020-03-27
[PATCH v10 8/9] proc: use human-readable values for hidehid · Alexey Gladkov <hidden> · 2020-03-27
Re: [PATCH v10 8/9] proc: use human-readable values for hidehid · Kees Cook <hidden> · 2020-03-28
Re: [PATCH v10 8/9] proc: use human-readable values for hidehid · Alexey Gladkov <hidden> · 2020-03-28
Re: [PATCH v10 8/9] proc: use human-readable values for hidehid · Kees Cook <hidden> · 2020-03-28
Re: [PATCH v10 8/9] proc: use human-readable values for hidehid · Alexey Gladkov <hidden> · 2020-03-28
[PATCH v11 8/9] proc: use human-readable values for hidehid · Alexey Gladkov <hidden> · 2020-03-30
Re: [PATCH v11 8/9] proc: use human-readable values for hidehid · Kees Cook <hidden> · 2020-03-31
Re: [PATCH v11 8/9] proc: use human-readable values for hidehid · Jann Horn <jannh@google.com> · 2020-04-02
[PATCH v10 7/9] proc: move hidepid values to uapi as they are user interface to mount · Alexey Gladkov <hidden> · 2020-03-27
Re: [PATCH v10 7/9] proc: move hidepid values to uapi as they are user interface to mount · Kees Cook <hidden> · 2020-03-28
Re: [PATCH v10 7/9] proc: move hidepid values to uapi as they are user interface to mount · Alexey Gladkov <hidden> · 2020-03-28
Re: [PATCH v10 7/9] proc: move hidepid values to uapi as they are user interface to mount · Kees Cook <hidden> · 2020-03-28
Re: [PATCH v10 7/9] proc: move hidepid values to uapi as they are user interface to mount · Alexey Gladkov <hidden> · 2020-03-28
Re: [PATCH v10 7/9] proc: move hidepid values to uapi as they are user interface to mount · Kees Cook <hidden> · 2020-03-29
[PATCH v10 6/9] docs: proc: add documentation for "hidepid=4" and "subset=pid" options and new mount behavior · Alexey Gladkov <hidden> · 2020-03-27
[PATCH v10 2/9] proc: allow to mount many instances of proc in one pid namespace · Alexey Gladkov <hidden> · 2020-03-27
[PATCH v10 3/9] proc: move hide_pid, pid_gid from pid_namespace to proc_fs_info · Alexey Gladkov <hidden> · 2020-03-27
[PATCH v10 5/9] proc: add option to mount only a pids subset · Alexey Gladkov <hidden> · 2020-03-27
[PATCH v10 9/9] proc: use named enums for better readability · Alexey Gladkov <hidden> · 2020-03-27
[PATCH v10 4/9] proc: instantiate only pids that we can ptrace on 'hidepid=4' mount option · Alexey Gladkov <hidden> · 2020-03-27
Re: [PATCH v10 4/9] proc: instantiate only pids that we can ptrace on 'hidepid=4' mount option · Kees Cook <hidden> · 2020-03-28
Re: [PATCH v10 4/9] proc: instantiate only pids that we can ptrace on 'hidepid=4' mount option · Alexey Gladkov <hidden> · 2020-03-28
[PATCH v10 1/9] proc: rename struct proc_fs_info to proc_fs_opts · Alexey Gladkov <hidden> · 2020-03-27

Re: [PATCH v10 7/9] proc: move hidepid values to uapi as they are user interface to mount

From: Kees Cook <hidden>
Date: 2020-03-28 21:53:55
Also in: linux-fsdevel, linux-security-module, lkml

On Sat, Mar 28, 2020 at 10:25:47PM +0100, Alexey Gladkov wrote:

On Sat, Mar 28, 2020 at 01:41:02PM -0700, Kees Cook wrote:
 > diff --git a/include/uapi/linux/proc_fs.h b/include/uapi/linux/proc_fs.h

quoted

new file mode 100644
index 000000000000..dc6d717aa6ec

--- /dev/null
+++ b/include/uapi/linux/proc_fs.h

@@ -0,0 +1,13 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
+#ifndef _UAPI_PROC_FS_H
+#define _UAPI_PROC_FS_H
+
+/* definitions for hide_pid field */
+enum {
+	HIDEPID_OFF            = 0,
+	HIDEPID_NO_ACCESS      = 1,
+	HIDEPID_INVISIBLE      = 2,
+	HIDEPID_NOT_PTRACEABLE = 4,
+};
+
+#endif

-- 
2.25.2

Should the numeric values still be UAPI if there is string parsing now?

I think yes, because these are still valid hidepid= values.

But if we don't expose the values, we can do whatever we like with
future numbers (e.g. the "is this a value or a bit field?" question).

-- 
Kees Cook

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help