Re: [PATCH v5 7/7] proc: add option to mount only a pids subset

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: Alexey Gladkov <gladkov.alexey@xxxxxxxxx>
Subject: Re: [PATCH v5 7/7] proc: add option to mount only a pids subset
From: Jann Horn <jannh@xxxxxxxxxx>
Date: Fri, 11 May 2018 15:58:39 +0200
Cc: Kees Cook <keescook@xxxxxxxxxxxx>, Andy Lutomirski <luto@xxxxxxxxxx>, Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>, linux-fsdevel@xxxxxxxxxxxxxxx, kernel list <linux-kernel@xxxxxxxxxxxxxxx>, Kernel Hardening <kernel-hardening@xxxxxxxxxxxxxxxxxx>, linux-security-module <linux-security-module@xxxxxxxxxxxxxxx>, Linux API <linux-api@xxxxxxxxxxxxxxx>, Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>, Alexander Viro <viro@xxxxxxxxxxxxxxxxxx>, Akinobu Mita <akinobu.mita@xxxxxxxxx>, Oleg Nesterov <oleg@xxxxxxxxxx>, Jeff Layton <jlayton@xxxxxxxxxxxxxxx>, Ingo Molnar <mingo@xxxxxxxxxx>, Alexey Dobriyan <adobriyan@xxxxxxxxx>, "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx>, Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>, aniel Micay <danielmicay@xxxxxxxxx>, Jonathan Corbet <corbet@xxxxxxx>, bfields@xxxxxxxxxxxx, Stephen Rothwell <sfr@xxxxxxxxxxxxxxxx>, Solar Designer <solar@xxxxxxxxxxxx>, "Dmitry V. Levin" <ldv@xxxxxxxxxxxx>, Djalal Harouni <tixxdz@xxxxxxxxx>
In-reply-to: <20180511093707.GA1403@comp-core-i7-2640m-0182e6>

On Fri, May 11, 2018 at 11:37 AM, Alexey Gladkov
<gladkov.alexey@xxxxxxxxx> wrote:
> This allows to hide all files and directories in the procfs that are not
> related to tasks.

/proc/$pid/net and /proc/$pid/task/$tid/net aren't in scope for this
protection, even though they contain information about the whole
network namespace of the task, right?

Follow-Ups:
- Re: [PATCH v5 7/7] proc: add option to mount only a pids subset
  - From: Alexey Gladkov

References:
- [PATCH v5 7/7] proc: add option to mount only a pids subset
  - From: Alexey Gladkov

Prev by Date: Re: [PATCH v5 1/7] proc: add proc_fs_info struct to store proc information
Next by Date: Re: [RFC v2 4/4] btrfs: verify symlinks with append/immutable flags
Previous by thread: [PATCH v5 7/7] proc: add option to mount only a pids subset
Next by thread: Re: [PATCH v5 7/7] proc: add option to mount only a pids subset
Index(es):
- Date
- Thread

[Index of Archives] [Linux Ext4 Filesystem] [Union Filesystem] [Filesystem Testing] [Ceph Users] [Ecryptfs] [AutoFS] [Kernel Newbies] [Share Photos] [Security] [Netfilter] [Bugtraq] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux Cachefs] [Reiser Filesystem] [Linux RAID] [Samba] [Device Mapper] [CEPH Development]