|
Message-Id: <20200419141057.621356-6-gladkov.alexey@gmail.com> Date: Sun, 19 Apr 2020 16:10:55 +0200 From: Alexey Gladkov <gladkov.alexey@...il.com> To: LKML <linux-kernel@...r.kernel.org> Cc: Kernel Hardening <kernel-hardening@...ts.openwall.com>, Linux API <linux-api@...r.kernel.org>, Linux FS Devel <linux-fsdevel@...r.kernel.org>, Linux Security Module <linux-security-module@...r.kernel.org>, Akinobu Mita <akinobu.mita@...il.com>, Alexander Viro <viro@...iv.linux.org.uk>, Alexey Dobriyan <adobriyan@...il.com>, Alexey Gladkov <legion@...nel.org>, Andrew Morton <akpm@...ux-foundation.org>, Andy Lutomirski <luto@...nel.org>, Daniel Micay <danielmicay@...il.com>, Djalal Harouni <tixxdz@...il.com>, "Dmitry V . Levin" <ldv@...linux.org>, "Eric W . Biederman" <ebiederm@...ssion.com>, Greg Kroah-Hartman <gregkh@...uxfoundation.org>, Ingo Molnar <mingo@...nel.org>, "J . Bruce Fields" <bfields@...ldses.org>, Jeff Layton <jlayton@...chiereds.net>, Jonathan Corbet <corbet@....net>, Kees Cook <keescook@...omium.org>, Linus Torvalds <torvalds@...ux-foundation.org>, Oleg Nesterov <oleg@...hat.com>, David Howells <dhowells@...hat.com> Subject: [PATCH v12 5/7] docs: proc: add documentation for "hidepid=4" and "subset=pid" options and new mount behavior Signed-off-by: Alexey Gladkov <gladkov.alexey@...il.com> Reviewed-by: Alexey Dobriyan <adobriyan@...il.com> Reviewed-by: Kees Cook <keescook@...omium.org> --- Documentation/filesystems/proc.rst | 54 ++++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) diff --git a/Documentation/filesystems/proc.rst b/Documentation/filesystems/proc.rst index 38b606991065..360486c7a992 100644 --- a/Documentation/filesystems/proc.rst +++ b/Documentation/filesystems/proc.rst @@ -51,6 +51,8 @@ fixes/update part 1.1 Stefani Seibold <stefani@...bold.net> June 9 2009 4 Configuring procfs 4.1 Mount options + 5 Filesystem behavior + Preface ======= @@ -2142,6 +2144,7 @@ The following mount options are supported: ========= ======================================================== hidepid= Set /proc/<pid>/ access mode. gid= Set the group authorized to learn processes information. + subset= Show only the specified subset of procfs. ========= ======================================================== hidepid=0 means classic mode - everybody may access all /proc/<pid>/ directories @@ -2164,6 +2167,57 @@ information about running processes, whether some daemon runs with elevated privileges, whether other user runs some sensitive program, whether other users run any program at all, etc. +hidepid=4 means that procfs should only contain /proc/<pid>/ directories +that the caller can ptrace. + gid= defines a group authorized to learn processes information otherwise prohibited by hidepid=. If you use some daemon like identd which needs to learn information about processes information, just add identd to this group. + +subset=pid hides all top level files and directories in the procfs that +are not related to tasks. + +5 Filesystem behavior +---------------------------- + +Originally, before the advent of pid namepsace, procfs was a global file +system. It means that there was only one procfs instance in the system. + +When pid namespace was added, a separate procfs instance was mounted in +each pid namespace. So, procfs mount options are global among all +mountpoints within the same namespace. + +:: + +# grep ^proc /proc/mounts +proc /proc proc rw,relatime,hidepid=2 0 0 + +# strace -e mount mount -o hidepid=1 -t proc proc /tmp/proc +mount("proc", "/tmp/proc", "proc", 0, "hidepid=1") = 0 ++++ exited with 0 +++ + +# grep ^proc /proc/mounts +proc /proc proc rw,relatime,hidepid=2 0 0 +proc /tmp/proc proc rw,relatime,hidepid=2 0 0 + +and only after remounting procfs mount options will change at all +mountpoints. + +# mount -o remount,hidepid=1 -t proc proc /tmp/proc + +# grep ^proc /proc/mounts +proc /proc proc rw,relatime,hidepid=1 0 0 +proc /tmp/proc proc rw,relatime,hidepid=1 0 0 + +This behavior is different from the behavior of other filesystems. + +The new procfs behavior is more like other filesystems. Each procfs mount +creates a new procfs instance. Mount options affect own procfs instance. +It means that it became possible to have several procfs instances +displaying tasks with different filtering options in one pid namespace. + +# mount -o hidepid=2 -t proc proc /proc +# mount -o hidepid=1 -t proc proc /tmp/proc +# grep ^proc /proc/mounts +proc /proc proc rw,relatime,hidepid=2 0 0 +proc /tmp/proc proc rw,relatime,hidepid=1 0 0 -- 2.25.3
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.