Date: Wed, 4 Apr 2018 20:45:09 +0300
From: Alexey Dobriyan
To: alban@kinvolk.io
Cc: linux-kernel@vger.kernel.org, ebiederm@xmission.com
Subject: Re: [PATCH] [RFC][WIP] namespace.c: Allow some unprivileged proc mounts when not fully visible
Message-ID: <20180404174509.GA2540@avx2>

> Instead, it introduces new options in proc to disable some proc entries (TBD).

No, no, no, no. Blacklists are bad, mmkay.

The reason is that quite dangerous new /proc entries get added
(think /proc/kpageflags) and suddenly they are enabled inside a container.

> The granularity does not need to be per proc entry.

I think it does. Grouping always becomes either too fine or too coarse.

> Granularity can be improved later if use cases exist.

Granularity cannot be tightened as it may break existing users.
So new granularity options are going to be invented until finally it is per file.
> "maskedPaths": [
>     "/proc/kcore",
>     "/proc/latency_stats",
>     "/proc/timer_list",
>     "/proc/timer_stats",
>     "/proc/sched_debug",
>     "/sys/firmware",
>     "/proc/scsi"
> ],

Just say no to drugs.

> /proc/kcore

As a side note: /proc/kcore should be more or less safe because it is under CAP_SYS_RAWIO.
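As an added example (not code from the patch or the thread), here is a Python audit of how a maskedPaths list actually lands in a container's mount table: it parses mountinfo and reports which of the paths quoted above are overlaid and which are not. It assumes the runc convention of masking files with a /dev/null bind mount and directories with a tmpfs, and the mountinfo lines it embeds are constructed.

```python
"""Check which OCI maskedPaths are actually overlaid in a mount namespace.
Added example, not code from the patch or the thread. Assumes the runc-style
convention: masked files are bind mounts of /dev/null (mountinfo root "/null"),
masked directories are covered by a tmpfs. SAMPLE_MOUNTINFO is constructed.
"""

# The maskedPaths list quoted in the thread (OCI runtime-spec config.json field).
MASKED_PATHS = [
    "/proc/kcore", "/proc/latency_stats", "/proc/timer_list",
    "/proc/timer_stats", "/proc/sched_debug", "/sys/firmware", "/proc/scsi",
]

# Constructed /proc/self/mountinfo lines: only four of the seven paths are masked.
SAMPLE_MOUNTINFO = """\
300 200 0:50 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
301 300 0:6 /null /proc/kcore rw,nosuid - devtmpfs udev rw,size=8k
302 300 0:6 /null /proc/timer_list rw,nosuid - devtmpfs udev rw,size=8k
303 300 0:51 / /proc/scsi ro,relatime - tmpfs tmpfs ro
304 300 0:50 /sys /proc/sys ro,nosuid,nodev,noexec,relatime - proc proc rw
305 200 0:52 / /sys/firmware ro,relatime - tmpfs tmpfs ro
"""

def parse_mountinfo(text):
    """Parse mountinfo (layout per proc(5)); the ' - ' separator ends the
    variable-length optional fields, so split there instead of by index."""
    mounts = []
    for line in text.splitlines():
        if line.strip():
            left, _, right = line.partition(" - ")
            lf, rf = left.split(), right.split()
            mounts.append({"root": lf[3], "mount_point": lf[4].replace("\\040", " "),
                           "options": lf[5].split(","), "fstype": rf[0]})
    return mounts

def masked_entries(mounts):
    """Map each /proc or /sys path overlaid by a foreign filesystem to how it is masked.
    A proc-on-proc or sysfs remount is a readonlyPaths entry, not a mask, so skip it."""
    masked = {}
    for m in mounts:
        mp = m["mount_point"]
        if mp.startswith(("/proc/", "/sys/")) and m["fstype"] not in ("proc", "sysfs"):
            masked[mp] = ("bind:/dev/null" if m["root"] == "/null"
                          else m["fstype"] + ":" + ",".join(m["options"]))
    return masked

def audit(mountinfo_text, expected=MASKED_PATHS):
    """Return (covered, missing): expected paths that are masked, and those that are not.
    To audit a live container, pass open('/proc/self/mountinfo').read()."""
    masked = masked_entries(parse_mountinfo(mountinfo_text))
    return ([p for p in expected if p in masked], [p for p in expected if p not in masked])
```

Because maskedPaths is a denylist, the audit can only confirm the listed paths; an entry the kernel adds later, like the /proc/kpageflags case above, never appears in the list and so is never reported.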