> On Apr 1, 2019, at 9:36 AM, Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> wrote:
>
>> On Mon, Apr 1, 2019 at 4:41 AM Aleksa Sarai <cyphar@xxxxxxxxxx> wrote:
>>
>> Eric pitched a procfs2 which would *just* be the PIDs some time ago (in
>> an attempt to make it possible one day to mount /proc inside a container
>> without adding a bunch of masked paths), though it was just an idea and
>> I don't know if he ever had a patch for it.
>
> I wonder if we really want a full procfs2, or maybe we could just make
> the pidfd readable (yes, it's a directory file descriptor, but we
> could allow reading).

There were patches to make procfs mount options work sensibly, and I think they got merged. So we could probably avoid a whole procfs2 by instead having it be procfs plus a special (maybe purely internal) mount option to restrict it.