2021-03-12 16:44:18

by Alexey Gladkov

Subject: [PATCH v6 0/5] proc: subset=pid: Relax check of mount visibility

Allow mounting procfs with the subset=pid option even if the entire procfs
is not fully accessible to the mounter.

Changelog
---------
v6:
* Add documentation about procfs mount restrictions.
* Reorder commits for better review.

v4:
* Set SB_I_DYNAMIC only if pidonly is set.
* Add an error message if subset=pid is canceled during remount.

v3:
* Add 'const' to struct cred *mounter_cred (fix kernel test robot warning).

v2:
* cache the mounter's credentials and make access to the net directories
contingent on the permissions of the mounter of procfs.

--

Alexey Gladkov (5):
docs: proc: add documentation about mount restrictions
proc: subset=pid: Show /proc/self/net only for CAP_NET_ADMIN
proc: Disable cancellation of subset=pid option
proc: Relax check of mount visibility
docs: proc: add documentation about relaxing visibility restrictions

Documentation/filesystems/proc.rst | 15 +++++++++++++++
fs/namespace.c | 30 ++++++++++++++++++------------
fs/proc/proc_net.c | 8 ++++++++
fs/proc/root.c | 24 +++++++++++++++++++-----
include/linux/fs.h | 1 +
include/linux/proc_fs.h | 1 +
6 files changed, 62 insertions(+), 17 deletions(-)

--
2.29.3


2021-03-12 16:44:24

by Alexey Gladkov

Subject: [PATCH v6 1/5] docs: proc: add documentation about mount restrictions

Signed-off-by: Alexey Gladkov <[email protected]>
---
Documentation/filesystems/proc.rst | 14 ++++++++++++++
1 file changed, 14 insertions(+)

diff --git a/Documentation/filesystems/proc.rst b/Documentation/filesystems/proc.rst
index 2fa69f710e2a..5a1bb0e081fd 100644
--- a/Documentation/filesystems/proc.rst
+++ b/Documentation/filesystems/proc.rst
@@ -50,6 +50,7 @@ fixes/update part 1.1 Stefani Seibold <[email protected]> June 9 2009

4 Configuring procfs
4.1 Mount options
+ 4.2 Mount restrictions

5 Filesystem behavior

@@ -2175,6 +2176,19 @@ information about processes information, just add identd to this group.
subset=pid hides all top level files and directories in the procfs that
are not related to tasks.

+4.2 Mount restrictions
+--------------------------
+
+If user namespaces are in use, the kernel additionally checks the instances of
+procfs available to the mounter and will not allow procfs to be mounted if:
+
+ 1. This mount is not fully visible.
+
+ a. It's root directory is not the root directory of the filesystem.
+ b. If any file or non-empty procfs directory is hidden by another mount.
+
+ 2. A new mount overrides the readonly option or any option from atime familty.
+
Chapter 5: Filesystem behavior
==============================

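Review bot: in the new section 4.2, sub-items a and b under item 1 read as two further conditions rather than as the definition of "not fully visible"; consider ending item 1 with a colon (for example "This mount is not fully visible, that is:") and dropping the leading "If" from b so that a and b are parallel. Two spelling fixes in the same hunk: "It's root directory" should be "Its root directory", and "atime familty" should be "atime family". The underline of "4.2 Mount restrictions" is longer than the title, whereas the "Chapter 5" heading just below has an underline of matching length. The commit has no message body; one sentence on what prompted documenting these restrictions would help later readers of the log.
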
--
2.29.3

2021-03-12 16:44:28

by Alexey Gladkov

Subject: [PATCH v6 5/5] docs: proc: add documentation about relaxing visibility restrictions

Signed-off-by: Alexey Gladkov <[email protected]>
---
Documentation/filesystems/proc.rst | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Documentation/filesystems/proc.rst b/Documentation/filesystems/proc.rst
index 5a1bb0e081fd..9d993aef7f1c 100644
--- a/Documentation/filesystems/proc.rst
+++ b/Documentation/filesystems/proc.rst
@@ -2182,7 +2182,8 @@ are not related to tasks.
If user namespaces are in use, the kernel additionally checks the instances of
procfs available to the mounter and will not allow procfs to be mounted if:

- 1. This mount is not fully visible.
+ 1. This mount is not fully visible unless the new procfs is going to be
+ mounted with subset=pid option.

a. It's root directory is not the root directory of the filesystem.
b. If any file or non-empty procfs directory is hidden by another mount.
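Review bot: the "unless the new procfs is going to be mounted with subset=pid option" clause is attached to item 1 as a whole, so the text no longer says clearly whether subset=pid lifts both sub-conditions a and b or only the hidden-file case in b; spell out which checks are skipped. The clause also needs an article ("with the subset=pid option"), and it would help to state that item 2 from the same list (readonly and atime options) still applies to a subset=pid mount, if that is the intent. The commit message is empty apart from the subject, so the reason the relaxation is safe is not recorded with the documentation change.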
--
2.29.3