Thread (12 messages), 3 authors, 2017-03-31

[PATCH RFC 1/4] proc: add proc_fs_info struct to store proc options

From: Djalal Harouni <hidden>
Date: 2017-03-31 10:49:41
Also in: linux-api, lkml

On Thu, Mar 30, 2017 at 9:10 PM, Andy Lutomirski [off-list ref] wrote:
> On Thu, Mar 30, 2017 at 8:22 AM, Djalal Harouni [off-list ref] wrote:
>> This is a preparation patch that adds a proc_fs_info to be able to store
>> different procfs options. Right now some mount options are stored inside
>> the pid namespace which makes multiple proc share the same mount options.
>> This patch will help also to fix this.
>>
>> Signed-off-by: Djalal Harouni <redacted>
 static struct dentry *proc_mount(struct file_system_type *fs_type,
        int flags, const char *dev_name, void *data)
 {
+       int error;
+       struct super_block *sb;
        struct pid_namespace *ns;
+       struct proc_fs_info *fs_info;
+
+       if (!(flags & MS_KERNMOUNT) && !ns_capable(current_user_ns(), CAP_SYS_ADMIN))
+               return ERR_PTR(-EPERM);
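
Review bot: the ns_capable() call in the added check tests CAP_SYS_ADMIN against current_user_ns(), the caller's own user namespace, and it sits directly after the declarations, before ns is set in the visible lines, so the permission decision cannot depend on which pid namespace is being mounted. If that is intended, a short comment above the check saying so (and noting it if the check is carried over from mount_ns()) would help; if the owner of the target pid namespace is what should grant the mount, do the check after ns is resolved and pass that namespace's user namespace instead. The condition line is also over 80 columns and could be wrapped.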

> Why is this check needed?

This is the same check that we used to have, from mount_ns(). I think
we have to keep the same semantics for now. Later we may adapt it
according to that suggestion of procfs with 'scope=x' mount options
feature where you want a specific feature of procfs that needs X
capability?

diff --git a/include/linux/proc_fs.h b/include/linux/proc_fs.h
index 2d2bf59..e1cb9c3 100644
--- a/include/linux/proc_fs.h
+++ b/include/linux/proc_fs.h
@@ -6,11 +6,27 @@

 #include <linux/types.h>
 #include <linux/fs.h>
+#include <linux/refcount.h>
+
+enum {
+       PROC_FS_V1      = 1,
+       PROC_FS_V2      = 2,
+};
+
+struct proc_fs_info {
+       refcount_t users;
+       struct pid_namespace *pid_ns;
+       kgid_t pid_gid;
+       int hide_pid;
+       int version;
+};
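
Review bot: struct proc_fs_info stores a raw pid_ns pointer next to the users refcount, but nothing in the header says whether the struct holds its own reference on the pid namespace or what users counts (superblocks, mounts, something else). Please add a comment or kernel-doc on the struct stating the lifetime rule for pid_ns and who takes and drops users. The enum is also anonymous and version is a plain int, so PROC_FS_V1 and PROC_FS_V2 are undocumented magic values; a named enum type for the field with a one-line description of each value would make the intent checkable.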

> What is version?

This is just a name to mirror 'unshare' option, please ignore it, I
will change the var name.

> Should this patch have just users and pid_ns and move the other stuff
> to patch 2?

Indeed, will fix it.

Thanks!

-- 
tixxdz