Date: Mon, 14 May 2018 11:01:17 +0200
From: Alexey Gladkov
To: Jann Horn
Cc: Kees Cook, Andy Lutomirski, Andrew Morton, linux-fsdevel@vger.kernel.org, kernel list, Kernel Hardening, linux-security-module, Linux API, Greg Kroah-Hartman, Alexander Viro, Akinobu Mita, Oleg Nesterov, Jeff Layton, Ingo Molnar, Alexey Dobriyan, "Eric W. Biederman", Linus Torvalds, Daniel Micay, Jonathan Corbet, bfields@fieldses.org, Stephen Rothwell, Solar Designer, "Dmitry V. Levin", Djalal Harouni
Subject: Re: [PATCH v5 7/7] proc: add option to mount only a pids subset
Message-ID: <20180514090117.GC28179@comp-core-i7-2640m-0182e6>
References: <20180511093707.GA1403@comp-core-i7-2640m-0182e6>
List-ID: linux-kernel@vger.kernel.org

On Fri, May 11, 2018 at 03:58:39PM +0200, Jann Horn wrote:
> On Fri, May 11, 2018 at 11:37 AM, Alexey Gladkov wrote:
> > This allows hiding all files and directories in the procfs that are not
> > related to tasks.
>
> /proc/$pid/net and /proc/$pid/task/$tid/net aren't in scope for this
> protection, even though they contain information about the whole
> network namespace of the task, right?

Yes. pidonly makes only the pids subset visible. You can still access the
process namespaces via /proc/$pid/ns. We can think of additional constraints
since the parameters are not stored in the pid namespace anymore.

-- 
Rgrds, legion
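The scope question above (what a pids-only proc mount still exposes) can be checked mechanically. The script below is an added example, not code from the patch series or from anyone in this thread. It classifies top-level proc entries into task directories and everything else, lists the per-task paths that describe a whole namespace rather than one task (net, task/<tid>/net, ns), and has a hand-run demo that mounts a pids-only instance. The option name "pidonly" is assumed from this v5 series; the mount step needs CAP_SYS_ADMIN and is only run when the script is invoked with the argument `demo`.

```shell
#!/bin/sh
# Added example: not code from the patch series or from anyone in the thread.
# Audits what a procfs mount exposes: the top-level non-task entries a
# pids-only mount is meant to hide, and the per-task paths that still describe
# the whole namespace rather than one task (net, task/<tid>/net, ns), which
# the reply above says remain reachable.
# Assumption: the mount option is spelled "pidonly", as in this v5 series.

# "pid" for a purely numeric top-level entry (a task directory), "other" otherwise.
proc_entry_kind() {
    case "$1" in
        ''|*[!0-9]*) echo other ;;
        *)           echo pid ;;
    esac
}

# Print the non-task entries visible at the top of the proc mount at $1.
# On a full /proc this lists cpuinfo, net, sys and so on; on a pids-only
# mount the list should be (almost) empty.
non_pid_entries() {
    for e in "$1"/*; do
        [ -e "$e" ] || continue              # unexpanded glob: empty directory
        n=${e##*/}
        if [ "$(proc_entry_kind "$n")" = other ]; then
            printf '%s\n' "$n"
        fi
    done
}

# For every task directory in the mount at $1, print the namespace-wide paths
# that are still reachable: net (the task's whole network namespace),
# task/<tid>/net for each thread, and ns (the task's namespace handles).
namespace_wide_paths() {
    for d in "$1"/[0-9]*; do
        [ -d "$d" ] || continue
        for p in net ns; do
            if [ -e "$d/$p" ]; then printf '%s\n' "$d/$p"; fi
        done
        for t in "$d"/task/[0-9]*; do
            if [ -e "$t/net" ]; then printf '%s\n' "$t/net"; fi
        done
    done
}

# Mount a pids-only instance next to the full /proc and compare the two.
# Needs CAP_SYS_ADMIN; run by hand, e.g. inside `unshare -m`.
pidonly_demo() {
    mnt=${1:-/tmp/proc-pidonly}
    mkdir -p "$mnt"
    # "pidonly" is the option name of this series (assumption: v5 spelling).
    mount -t proc -o pidonly proc "$mnt" || return 1
    echo "non-task entries in the full /proc that the pids-only mount hides:"
    non_pid_entries /proc | wc -l
    echo "non-task entries still visible in $mnt (expected: none):"
    non_pid_entries "$mnt"
    echo "namespace-wide paths reachable through this shell's own task dir:"
    namespace_wide_paths "$mnt" | grep "^$mnt/$$/" || true
    umount "$mnt"
}

if [ "${1:-}" = demo ]; then
    pidonly_demo "${2:-}"
fi
```

Run as `sh audit-proc.sh demo` (as root, ideally in a private mount namespace) to see the comparison; the helper functions also work against any directory laid out like procfs, which is how they can be exercised without mounting anything.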