From: ebiederm@xmission.com (Eric W. Biederman)
To: Alexey Gladkov
Cc: Jann Horn, Kees Cook, Andy Lutomirski, Andrew Morton, linux-fsdevel@vger.kernel.org, kernel list, Kernel Hardening, linux-security-module, Linux API, Greg Kroah-Hartman, Alexander Viro, Akinobu Mita, Oleg Nesterov, Jeff Layton, Ingo Molnar, Alexey Dobriyan, Linus Torvalds, Daniel Micay, Jonathan Corbet, bfields@fieldses.org, Stephen Rothwell, Solar Designer, "Dmitry V. Levin", Djalal Harouni
Date: Mon, 14 May 2018 08:13:50 -0500
Subject: Re: [PATCH v5 7/7] proc: add option to mount only a pids subset
Message-ID: <874ljamlbl.fsf@xmission.com>
In-Reply-To: <20180514090117.GC28179@comp-core-i7-2640m-0182e6>
References: <20180511093707.GA1403@comp-core-i7-2640m-0182e6> <20180514090117.GC28179@comp-core-i7-2640m-0182e6>

Alexey Gladkov writes:

> On Fri, May 11, 2018 at 03:58:39PM +0200, Jann Horn wrote:
>> On Fri, May 11, 2018 at 11:37 AM, Alexey Gladkov
>> wrote:
>> > This allows to hide all files and directories in the procfs that are not
>> > related to tasks.
>>
>> /proc/$pid/net and /proc/$pid/task/$tid/net aren't in scope for this
>> protection, even though they contain information about the whole
>> network namespace of the task, right?
>
> Yes. The pidonly makes visible only pids subset. You can still access the
> process namespaces via /proc/$pid/ns.
>
> We can think of additional constraints since the parameters are not
> stored in the pid namespace anymore.

pidonly is fine. You have to be very careful with this.
The existing hidepid option needs to live in the pid namespace.
The issue is if someone is allowed to mount proc and play with these options,
as in remount, this may cause issues.

Eric
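
Added example, not part of this message or of the patch under review: a small audit of proc mounts and their hidepid setting, parsed from mountinfo text. Mounts that report the same device number are one procfs instance and share its options, so a remount through any of them changes the setting for all of them. The sample lines, paths and function names are constructed for illustration; on a live system the input would be /proc/self/mountinfo.

```python
"""Audit proc mounts for their hidepid setting (added example)."""

# Constructed mountinfo excerpt; IDs, devices and paths are made up.
SAMPLE_MOUNTINFO = """\
22 28 0:21 / /proc rw,nosuid,nodev,noexec,relatime shared:13 - proc proc rw,hidepid=2,gid=26
101 95 0:21 / /srv/jail/proc rw,relatime - proc proc rw,hidepid=2,gid=26
140 95 0:52 / /var/lib/ct/proc rw,relatime - proc proc rw
31 28 0:27 / /sys rw,relatime shared:7 - sysfs sysfs rw
"""

# Newer kernels print hidepid as a name instead of a number.
HIDEPID_NAMES = {"off": 0, "noaccess": 1, "invisible": 2, "ptraceable": 4}


def parse_proc_mounts(mountinfo):
    """Return one dict per mount of filesystem type proc."""
    mounts = []
    for line in mountinfo.splitlines():
        fields = line.split()
        try:
            # Optional fields end at a lone "-"; it cannot come before index 6.
            sep = fields.index("-", 6)
        except ValueError:
            continue  # malformed or empty line
        if len(fields) < sep + 4 or fields[sep + 1] != "proc":
            continue
        # Super options are per superblock, i.e. per procfs instance.
        opts = dict(o.partition("=")[::2] for o in fields[sep + 3].split(","))
        raw = opts.get("hidepid", "0")  # an absent option means hidepid is off
        level = HIDEPID_NAMES.get(raw, int(raw) if raw.isdigit() else None)
        mounts.append({"dev": fields[2], "mountpoint": fields[4], "hidepid": level})
    return mounts


def instances(mounts):
    """Group mount points by device number (one group per procfs instance)."""
    groups = {}
    for m in mounts:
        groups.setdefault(m["dev"], []).append(m["mountpoint"])
    return groups


def audit(mounts, minimum=2):
    """Return mount points whose hidepid is unparseable or below `minimum`."""
    return [m["mountpoint"] for m in mounts
            if m["hidepid"] is None or m["hidepid"] < minimum]


if __name__ == "__main__":
    found = parse_proc_mounts(SAMPLE_MOUNTINFO)
    print("instances:", instances(found))
    print("weak mounts:", audit(found))
```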