From: Alexey Gladkov
To: LKML, Linux FS Devel, "Eric W. Biederman"
Cc: Alexey Gladkov, Alexander Viro, Kees Cook
Subject: [PATCH v3 0/2] proc: Relax check of mount visibility
Date: Thu, 20 Aug 2020 15:53:32 +0200
X-Mailing-List: linux-kernel@vger.kernel.org

If only the dynamic part of procfs is mounted (subset=pid), then there is no
need to check if procfs is fully visible to the user in the new user namespace.

Changelog
---------
v3:
 * Add 'const' to struct cred *mounter_cred (fix kernel test robot warning).

v2:
 * cache the mounter's credentials and make access to the net directories
   contingent on the permissions of the mounter of procfs.

Alexey Gladkov (2):
  proc: Relax check of mount visibility
  Show /proc/self/net only for CAP_NET_ADMIN

 fs/namespace.c          | 27 ++++++++++++++++-----------
 fs/proc/proc_net.c      |  8 ++++++++
 fs/proc/root.c          | 21 +++++++++++++++------
 include/linux/fs.h      |  1 +
 include/linux/proc_fs.h |  1 +
 5 files changed, 41 insertions(+), 17 deletions(-)

-- 
2.25.4
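
An added example, not part of the original posting or of the patch series: a userspace audit helper that classifies procfs mounts in /proc/self/mountinfo as full or pid-only, which is the distinction the cover letter relies on. The names proc_kind, has_option and classify_mountinfo_line are hypothetical, and the code assumes a kernel that reports subset=pid in the super-options field of mountinfo.

```c
#include <stdio.h>
#include <string.h>

/* Classification of one /proc/self/mountinfo line. */
enum proc_kind { NOT_PROC = 0, PROC_FULL = 1, PROC_PID_ONLY = 2 };

/* Return 1 if the comma-separated list `opts` has an item equal to `opt`. */
static int has_option(const char *opts, const char *opt)
{
    size_t n = strlen(opt);
    const char *p = opts;

    while (*p) {
        size_t len = strcspn(p, ",");
        if (len == n && strncmp(p, opt, n) == 0)
            return 1;
        p += len;
        if (*p == ',')
            p++;
    }
    return 0;
}

enum proc_kind classify_mountinfo_line(const char *line)
{
    /* Optional fields end at " - "; then: fstype, source, super options. */
    const char *sep = strstr(line, " - ");
    char fstype[32], source[256], opts[512];

    if (!sep || sscanf(sep + 3, "%31s %255s %511s", fstype, source, opts) != 3)
        return NOT_PROC;
    if (strcmp(fstype, "proc") != 0)
        return NOT_PROC;
    /* Assumption: the running kernel shows subset=pid in this field. */
    return has_option(opts, "subset=pid") ? PROC_PID_ONLY : PROC_FULL;
}

int main(void)
{
    char line[1024];
    FILE *f = fopen("/proc/self/mountinfo", "r");

    if (!f) { perror("/proc/self/mountinfo"); return 1; }
    while (fgets(line, sizeof line, f)) {
        enum proc_kind k = classify_mountinfo_line(line);
        if (k != NOT_PROC)
            printf("%s %s", k == PROC_PID_ONLY ? "pid-only" : "full    ", line);
    }
    fclose(f);
    return 0;
}
```

Run inside a container or user namespace, it lists each procfs instance visible there, so a full procfs mount where only a pid-only one was intended stands out.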