Message-ID: <CAEiveUe-_jQFe0c=RuW3g0DB6h0MvZcZr=4iB=Cs+XEQUN-C5g@mail.gmail.com>
Date: Fri, 31 Mar 2017 12:49:35 +0200
From: Djalal Harouni <tixxdz@...il.com>
To: Andy Lutomirski <luto@...capital.net>
Cc: Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
	Andy Lutomirski <luto@...nel.org>,
	Alexey Gladkov <gladkov.alexey@...il.com>,
	Al Viro <viro@...iv.linux.org.uk>,
	"Eric W. Biederman" <ebiederm@...ssion.com>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Linux API <linux-api@...r.kernel.org>,
	"Kirill A. Shutemov" <kirill@...temov.name>,
	Oleg Nesterov <oleg@...hat.com>,
	Pavel Emelyanov <xemul@...allels.com>,
	James Bottomley <James.Bottomley@...senpartnership.com>,
	Kees Cook <keescook@...omium.org>,
	Dongsu Park <dpark@...teo.net>,
	Ingo Molnar <mingo@...nel.org>,
	Michal Hocko <mhocko@...e.com>,
	Alexey Dobriyan <adobriyan@...il.com>,
	"kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com>,
	LSM List <linux-security-module@...r.kernel.org>
Subject: Re: [PATCH RFC 1/4] proc: add proc_fs_info struct to store proc options

On Thu, Mar 30, 2017 at 9:10 PM, Andy Lutomirski <luto@...capital.net> wrote:
> On Thu, Mar 30, 2017 at 8:22 AM, Djalal Harouni <tixxdz@...il.com> wrote:
>> This is a preparation patch that adds a proc_fs_info to be able to store
>> different procfs options. Right now some mount options are stored inside
>> the pid namespace, which makes multiple proc mounts share the same mount
>> options. This patch will also help to fix this.
>>
>> Signed-off-by: Djalal Harouni <tixxdz@...il.com>
>
>> static struct dentry *proc_mount(struct file_system_type *fs_type,
>> int flags, const char *dev_name, void *data)
>> {
>> + int error;
>> + struct super_block *sb;
>> struct pid_namespace *ns;
>> + struct proc_fs_info *fs_info;
>> +
>> + if (!(flags & MS_KERNMOUNT) && !ns_capable(current_user_ns(), CAP_SYS_ADMIN))
>> + return ERR_PTR(-EPERM);
>
> Why is this check needed?

This is the same check that we used to have, from mount_ns(). I think we
have to keep the same semantics for now. Later we may adapt it according
to the suggestion of a procfs 'scope=x' mount option feature, where you
want a specific feature of procfs that needs X capability?

>
>> diff --git a/include/linux/proc_fs.h b/include/linux/proc_fs.h
>> index 2d2bf59..e1cb9c3 100644
>> --- a/include/linux/proc_fs.h
>> +++ b/include/linux/proc_fs.h
>> @@ -6,11 +6,27 @@
>>
>> #include <linux/types.h>
>> #include <linux/fs.h>
>> +#include <linux/refcount.h>
>> +
>> +enum {
>> + PROC_FS_V1 = 1,
>> + PROC_FS_V2 = 2,
>> +};
>> +
>> +struct proc_fs_info {
>> + refcount_t users;
>> + struct pid_namespace *pid_ns;
>> + kgid_t pid_gid;
>> + int hide_pid;
>> + int version;
>> +};
>
> What is version?

This is just a name to mirror the 'unshare' option, please ignore it, I
will change the var name.

>
> Should this patch have just users and pid_ns and move the other stuff
> to patch 2?

Indeed, will fix it.

Thanks!

-- 
tixxdz
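Review bot: the capability check in the proc_mount() hunk is made against current_user_ns(), but the reply describes it as the same check mount_ns() used to perform; please confirm which user namespace the old mount_ns() call for procfs was given. If it was the user namespace owning the pid namespace being mounted rather than the caller's, the two differ as soon as a process unshares a user namespace without unsharing its pid namespace (it holds CAP_SYS_ADMIN in the new user namespace but not in the one owning the pid namespace), and the new check would be looser than the one it replaces. If the intent really is to keep the old semantics, resolve `ns` first and check `ns_capable(ns->user_ns, CAP_SYS_ADMIN)`, and add a one-line comment above the check stating which namespace it is meant to gate and why MS_KERNMOUNT is exempt.

Review bot: the new anonymous enum and struct proc_fs_info in the proc_fs.h hunk are undocumented: nothing says what PROC_FS_V1/PROC_FS_V2 are versions of, what `users` counts (mounts? superblocks?) and who drops the reference to `pid_ns` when it reaches zero, or what the defaults of `pid_gid` and `hide_pid` are. Since the reply already agrees that `version` will be renamed and that `pid_gid`/`hide_pid` move to patch 2, suggest naming the enum after the option it encodes and adding a kernel-doc block to the struct, e.g. `/** struct proc_fs_info - per-mount procfs state`, `@users: refcount, one per superblock using this instance`, `@pid_ns: pid namespace whose tasks this proc instance shows (reference held)`, so the ownership rules are visible before the field list grows.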