Date: Wed, 4 Apr 2018 20:49:09 +0300
From: Alexey Dobriyan
To: ebiederm@xmission.com
Cc: alban.crequy@gmail.com, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] [RFC][WIP] namespace.c: Allow some unprivileged proc mounts when not fully visible
Message-ID: <20180404174909.GB2540@avx2>

> The only option I have seen proposed that might qualify as something
> general purpose and simple is a new filesystem that is just the process
> directories of proc.

While "mount -t pid" and "mount -t sysctl" are decades overdue,
I don't think they cover everything.

IIRC some gcc versions read /proc/meminfo on every invocation.
Now imagine such a program doesn't have a fallback if /proc/ doesn't exist
(how many thousands of such programs are there?)

So the user is going to ask for /proc with just /proc/meminfo only.
At this point it is back to nearly full /proc.