The patch expands subset= option. If the proc is mounted with the subset=allowlist option, the /proc/allowlist file will appear. This file contains the filenames and directories that are allowed for this mountpoint. By default, /proc/allowlist contains only its own name. Changing the allowlist is possible as long as it is present in the allowlist itself. This allowlist is applied in lookup/readdir so files that will create modules after mounting will not be visible. Compared to the previous patches [1][2], I switched to a special virtual file from listing filenames in the mount options. [1] https://lore.kernel.org/lkml/20200604200413.587896-1-gladkov.alexey@xxxxxxxxx/ [2] https://lore.kernel.org/lkml/YZvuN0Wqmn7XB4dX@localhost.localdomain/ Signed-off-by: Alexey Gladkov <legion@xxxxxxxxxx> --- Alexey Gladkov (6): proc: Fix separator for subset option proc: Add allowlist to control access to procfs files proc: Check that subset= option has been set proc: Allow to use the allowlist filter in userns proc: Validate incoming allowlist doc: proc: Add description of subset=allowlist Documentation/filesystems/proc.rst | 10 + fs/proc/Kconfig | 10 + fs/proc/Makefile | 1 + fs/proc/generic.c | 15 +- fs/proc/inode.c | 16 +- fs/proc/internal.h | 33 ++++ fs/proc/proc_allowlist.c | 300 +++++++++++++++++++++++++++++ fs/proc/root.c | 36 +++- include/linux/proc_fs.h | 18 +- 9 files changed, 420 insertions(+), 19 deletions(-) create mode 100644 fs/proc/proc_allowlist.c -- 2.33.6
