The patch titled
     Subject: docs: proc: add documentation for "hidepid=4" and "subset=pid" options and new mount behavior
has been added to the -mm tree.  Its filename is
     docs-proc-add-documentation-for-hidepid=4-and-subset=pid-options-and-new-mount-behavior.patch

This patch should soon appear at
    http://ozlabs.org/~akpm/mmots/broken-out/docs-proc-add-documentation-for-hidepid%3D4-and-subset%3Dpid-options-and-new-mount-behavior.patch
and later at
    http://ozlabs.org/~akpm/mmotm/broken-out/docs-proc-add-documentation-for-hidepid%3D4-and-subset%3Dpid-options-and-new-mount-behavior.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***

The -mm tree is included into linux-next and is updated
there every 3-4 working days

------------------------------------------------------
From: Alexey Gladkov <gladkov.alexey@xxxxxxxxx>
Subject: docs: proc: add documentation for "hidepid=4" and "subset=pid" options and new mount behavior

Link: http://lkml.kernel.org/r/20200419141057.621356-6-gladkov.alexey@xxxxxxxxx
Signed-off-by: Alexey Gladkov <gladkov.alexey@xxxxxxxxx> Reviewed-by: Alexey Dobriyan <adobriyan@xxxxxxxxx> Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx> Cc: Akinobu Mita <akinobu.mita@xxxxxxxxx> Cc: Alexander Viro <viro@xxxxxxxxxxxxxxxxxx> Cc: Andy Lutomirski <luto@xxxxxxxxxx> Cc: Daniel Micay <danielmicay@xxxxxxxxx> Cc: David Howells <dhowells@xxxxxxxxxx> Cc: Djalal Harouni <tixxdz@xxxxxxxxx> Cc: "Dmitry V . Levin" <ldv@xxxxxxxxxxxx> Cc: "Eric W . Biederman" <ebiederm@xxxxxxxxxxxx> Cc: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> Cc: Ingo Molnar <mingo@xxxxxxxxxx> Cc: "J . Bruce Fields" <bfields@xxxxxxxxxxxx> Cc: Jeff Layton <jlayton@xxxxxxxxxxxxxxx> Cc: Jonathan Corbet <corbet@xxxxxxx> Cc: Oleg Nesterov <oleg@xxxxxxxxxx> Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> --- Documentation/filesystems/proc.rst | 54 +++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) --- a/Documentation/filesystems/proc.rst~docs-proc-add-documentation-for-hidepid=4-and-subset=pid-options-and-new-mount-behavior +++ a/Documentation/filesystems/proc.rst @@ -51,6 +51,8 @@ fixes/update part 1.1 Stefani Seibold < 4 Configuring procfs 4.1 Mount options + 5 Filesystem behavior + Preface ======= @@ -2142,6 +2144,7 @@ The following mount options are supporte ========= ======================================================== hidepid= Set /proc/<pid>/ access mode. gid= Set the group authorized to learn processes information. + subset= Show only the specified subset of procfs. ========= ======================================================== hidepid=0 means classic mode - everybody may access all /proc/<pid>/ directories 
@@ -2164,6 +2167,57 @@ information about running processes, whe privileges, whether other user runs some sensitive program, whether other users run any program at all, etc. +hidepid=4 means that procfs should only contain /proc/<pid>/ directories +that the caller can ptrace. + gid= defines a group authorized to learn processes information otherwise prohibited by hidepid=. If you use some daemon like identd which needs to learn information about processes information, just add identd to this group. + +subset=pid hides all top level files and directories in the procfs that +are not related to tasks. + +5 Filesystem behavior +---------------------------- + +Originally, before the advent of pid namepsace, procfs was a global file +system. It means that there was only one procfs instance in the system. + +When pid namespace was added, a separate procfs instance was mounted in +each pid namespace. So, procfs mount options are global among all +mountpoints within the same namespace. + +:: + +# grep ^proc /proc/mounts +proc /proc proc rw,relatime,hidepid=2 0 0 + +# strace -e mount mount -o hidepid=1 -t proc proc /tmp/proc +mount("proc", "/tmp/proc", "proc", 0, "hidepid=1") = 0 ++++ exited with 0 +++ + +# grep ^proc /proc/mounts +proc /proc proc rw,relatime,hidepid=2 0 0 +proc /tmp/proc proc rw,relatime,hidepid=2 0 0 + +and only after remounting procfs mount options will change at all +mountpoints. + +# mount -o remount,hidepid=1 -t proc proc /tmp/proc + +# grep ^proc /proc/mounts +proc /proc proc rw,relatime,hidepid=1 0 0 +proc /tmp/proc proc rw,relatime,hidepid=1 0 0 + +This behavior is different from the behavior of other filesystems. + +The new procfs behavior is more like other filesystems. Each procfs mount +creates a new procfs instance. Mount options affect own procfs instance. +It means that it became possible to have several procfs instances +displaying tasks with different filtering options in one pid namespace. 
+ +# mount -o hidepid=2 -t proc proc /proc +# mount -o hidepid=1 -t proc proc /tmp/proc +# grep ^proc /proc/mounts +proc /proc proc rw,relatime,hidepid=2 0 0 +proc /tmp/proc proc rw,relatime,hidepid=1 0 0 _ Patches currently in -mm which might be from gladkov.alexey@xxxxxxxxx are proc-rename-struct-proc_fs_info-to-proc_fs_opts.patch proc-allow-to-mount-many-instances-of-proc-in-one-pid-namespace.patch proc-instantiate-only-pids-that-we-can-ptrace-on-hidepid=4-mount-option.patch proc-add-option-to-mount-only-a-pids-subset.patch docs-proc-add-documentation-for-hidepid=4-and-subset=pid-options-and-new-mount-behavior.patch proc-use-human-readable-values-for-hidepid.patch proc-use-named-enums-for-better-readability.patch
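Review bot: In the mount-options table hunk, the new row "subset= Show only the specified subset of procfs." does not say which subsets exist; the only value the patch documents is "pid" (in the later "subset=pid hides all top level files and directories..." paragraph), so either list "pid" in the table cell or point the row at that paragraph so readers do not expect other subset names to be accepted.

Review bot: In the "5 Filesystem behavior" hunk, the literal block introduced by "::" is not indented ("+# grep ^proc /proc/mounts" and the following transcript lines start at column 0), so the RST build will report that a literal block was expected and render the shell transcript as ordinary body text. Indent the transcript lines, and give the second and third transcripts ("# mount -o remount,hidepid=1 -t proc proc /tmp/proc" and "# mount -o hidepid=2 -t proc proc /proc") their own "::" introducer, since each is separated from the first block by prose. Two wording fixes in the same hunk: "namepsace" should be "namespace", and "Mount options affect own procfs instance." reads better as "Mount options only affect their own procfs instance."

Review bot: Same hunk, heading level: the table-of-contents hunk lists "5 Filesystem behavior" beside "4 Configuring procfs", but the heading is underlined with "----" whereas the chapter heading visible in that first hunk ("Preface") is underlined with "="; use the same underline character so the new section nests as a chapter rather than as a subsection of 4.1.

Review bot: The hidepid=4 paragraph says only that procfs contains the directories "that the caller can ptrace"; since hidepid is an access-control boundary, state which ptrace access-mode check decides visibility so an administrator can reason about exactly which tasks an unprivileged caller will see, and note whether the gid= exception documented in the following paragraph also applies to hidepid=4.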