Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp499249pxf; Wed, 10 Mar 2021 10:24:08 -0800 (PST) X-Google-Smtp-Source: ABdhPJxBtjicxwOS26pkxK4yW5O8nJK3v3EJnIZRCg5hCXyP/itYnNP1XmHnUvW0LdCdJIYVJ/bm X-Received: by 2002:aa7:db4f:: with SMTP id n15mr4790257edt.12.1615400648741; Wed, 10 Mar 2021 10:24:08 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1615400648; cv=none; d=google.com; s=arc-20160816; b=JXWw+/8Hsnx/vWc2x/N1NKILdmnL6GKd4EQ9loHWXgs/j7YGz/31Fy2RKsWQBT9foy 1nnlM/iNV2ySmGxXYJy0rtwo1FViK9hOzRf21uSBCECgY32WZa58PSe6Y3TdprZJw0AK wvsGDWs5HnGWs0SPJA+1oWE+vM0LZvUgr86Hk/nTFGTIQED8w5AA2zQM6P6xm5BDz7BM MO/EQZTb4pqWP9NDNsc4cahSlwogWb5FlxRTL7eej8UZ17wLJfmnEWc5i7no3Gnts+uq LCeZyVyusZA4FzrjjS4KsDEMbNbHuQgu4mz5ndKYAiKx7BX0N/eaDdR7dYbISSTxd7k7 Rt/g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=uWV2Z95uEgMneWIbTuh1EXVjW3PfZiRgzbMkT2jxhEg=; b=dcQPTxL2TAT98DP15kPLJ/H1/TiOWe45NAQ1fXMPUGFRARhzsrRebFfiqikyInvyjE g6M6naUTCxh2Tw5DFa4cuG0EXjUVVEKuMF09erPMFiqoT5skSf0JK3q58aGf1rLo5YpS XaLUWzVNkOaYKxVtPtkc7D2K+soAIWVB+hgDnMi1q6zJJT2Fsle/Qe1HP4YrJlq0jV8G T01JxioAVJ9onLwNWP0TAW2REA53+PwMyupDHb+p3P/3MJ8lFMAY8uYKOumtOuZchVIF RwOBMH/65t9b0PFcHhipOxO+2XNse5wpK369q0GqyXqx3MJIfjIpyHPEcT4aCiI89s2m 7Olg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id lc20si73656ejb.492.2021.03.10.10.23.46; Wed, 10 Mar 2021 10:24:08 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233782AbhCJSUv (ORCPT + 99 others); Wed, 10 Mar 2021 13:20:51 -0500 Received: from raptor.unsafe.ru ([5.9.43.93]:56500 "EHLO raptor.unsafe.ru" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233416AbhCJSUW (ORCPT ); Wed, 10 Mar 2021 13:20:22 -0500 Received: from comp-core-i7-2640m-0182e6.redhat.com (ip-94-113-225-162.net.upcbroadband.cz [94.113.225.162]) by raptor.unsafe.ru (Postfix) with ESMTPSA id 504AF4175E; Wed, 10 Mar 2021 18:20:20 +0000 (UTC) From: Alexey Gladkov To: LKML , "Eric W . Biederman" Cc: Alexey Gladkov , Alexander Viro , Kees Cook , Linux Containers , Linux FS Devel Subject: [PATCH v5 3/5] proc: Disable cancellation of subset=pid option Date: Wed, 10 Mar 2021 19:19:58 +0100 Message-Id: X-Mailer: git-send-email 2.29.2 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.6.4 (raptor.unsafe.ru [0.0.0.0]); Wed, 10 Mar 2021 18:20:20 +0000 (UTC) Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org There is no way to remount procfs mountpoint with subset=pid option without it. This is done in order not to make visible what was hidden since some checks occur during mount. This patch makes this limitation explicit and demonstrates the error. Signed-off-by: Alexey Gladkov --- fs/proc/root.c | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/fs/proc/root.c b/fs/proc/root.c index 6a75ac717455..0d20bb67e79a 100644 --- a/fs/proc/root.c +++ b/fs/proc/root.c @@ -145,7 +145,7 @@ static int proc_parse_param(struct fs_context *fc, struct fs_parameter *param) return 0; } -static void proc_apply_options(struct proc_fs_info *fs_info, +static int proc_apply_options(struct proc_fs_info *fs_info, struct fs_context *fc, struct user_namespace *user_ns) { @@ -155,8 +155,12 @@ static void proc_apply_options(struct proc_fs_info *fs_info, fs_info->pid_gid = make_kgid(user_ns, ctx->gid); if (ctx->mask & (1 << Opt_hidepid)) fs_info->hide_pid = ctx->hidepid; - if (ctx->mask & (1 << Opt_subset)) + if (ctx->mask & (1 << Opt_subset)) { + if (ctx->pidonly != PROC_PIDONLY_ON && fs_info->pidonly == PROC_PIDONLY_ON) + return invalf(fc, "proc: subset=pid cannot be unset\n"); fs_info->pidonly = ctx->pidonly; + } + return 0; } static int proc_fill_super(struct super_block *s, struct fs_context *fc) @@ -172,7 +176,9 @@ static int proc_fill_super(struct super_block *s, struct fs_context *fc) fs_info->pid_ns = get_pid_ns(ctx->pid_ns); fs_info->mounter_cred = get_cred(fc->cred); - proc_apply_options(fs_info, fc, current_user_ns()); + ret = proc_apply_options(fs_info, fc, current_user_ns()); + if (ret) + return ret; /* User space would break if executables or devices appear on proc */ s->s_iflags |= SB_I_USERNS_VISIBLE | SB_I_NOEXEC | SB_I_NODEV; @@ -224,8 +230,7 @@ static int proc_reconfigure(struct fs_context *fc) put_cred(fs_info->mounter_cred); fs_info->mounter_cred = get_cred(fc->cred); - proc_apply_options(fs_info, fc, current_user_ns()); - return 0; + return proc_apply_options(fs_info, fc, current_user_ns()); } static int proc_get_tree(struct fs_context *fc) -- 2.29.2