Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp1403307pxf; Fri, 12 Mar 2021 08:44:11 -0800 (PST) X-Google-Smtp-Source: ABdhPJw2qcGkaVzzss5Dl/02mqXdnezJyhcD/ko+2ukb5o3GUNdDX7QXYynqyrGdDEYJaXBea2sl X-Received: by 2002:a05:6402:1a4f:: with SMTP id bf15mr15279987edb.304.1615567450999; Fri, 12 Mar 2021 08:44:10 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1615567450; cv=none; d=google.com; s=arc-20160816; b=P0prh+8DqEfdE33NSdKlH0m+djs1yuRdmQVV8Ax4LpasQQfOi/7uQBsQZ0YEN4VHII EWE84DRu5VoeMBb/+y7feQZlL4qYLToyh5OPNRBL5uwy9EClR6pO9QyEGNG9r2xxrxdh +5GSm7opZ18TR72tk8X926vYjZKfN3YE8B57Y2Hp7AUa6ygsls7IYdQ82syYAPw2B0V4 G9Tb92QIlNYI4r9m/AdTiQJ4cbuzpcg1sOfKFEnXSfMxop3BbBQ4y9IxyJ219O0FnlYn 3zg4tlYW9ruVQeNhkMwJa6QWFHzzl6mHEI3HK2scr2eO4mTmhb92ZRz6+eu/8Szxzdzf +bfA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=yMQnioKJyMZp7DsmcYEWfqqltKHX8tkoCKPovE9yUv8=; b=M+lX/oScjlE6iSCC+Vrcsk6FWoOItEcloCsyDaLHh4MVNOSRSNl4jQZG2qsDE9yToA sjhcyuYSBu/uOXZYiwCD14/QRzG4czFPD7ndY5HwAYgoZXsqO/k3gElkL2Y0m0bdI4aZ AaKgNUcVEQhLrEwZuyyEi1DEwnRyDSjcszOiIVwzWk+xExU+nbJYLrqDoqxIkrk4Ehhm FrPuBTnLPXj976LZULc8JL+0csAnaEZfRDtfqakMk/Ss8lRir/DLcr0+XLy/u7E9NAns IEND5UKoLox5FVWl75AZXB1Suze7JhkapOJUhloRlbQ6U2LbX93lexx0QK8uQpCn45+8 v+Iw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id gz11si4526791ejc.745.2021.03.12.08.43.48; Fri, 12 Mar 2021 08:44:10 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232502AbhCLQmn (ORCPT + 99 others); Fri, 12 Mar 2021 11:42:43 -0500 Received: from raptor.unsafe.ru ([5.9.43.93]:49802 "EHLO raptor.unsafe.ru" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232952AbhCLQmF (ORCPT ); Fri, 12 Mar 2021 11:42:05 -0500 Received: from comp-core-i7-2640m-0182e6.redhat.com (ip-94-113-225-162.net.upcbroadband.cz [94.113.225.162]) by raptor.unsafe.ru (Postfix) with ESMTPSA id 86ACF40CA4; Fri, 12 Mar 2021 16:42:02 +0000 (UTC) From: Alexey Gladkov To: LKML , "Eric W . Biederman" Cc: Alexey Gladkov , Alexander Viro , Kees Cook , Linux Containers , Linux FS Devel Subject: [PATCH v6 3/5] proc: Disable cancellation of subset=pid option Date: Fri, 12 Mar 2021 17:41:46 +0100 Message-Id: <7bcb66c11afc2ac0032ee3bc1e64437481df7b9d.1615567183.git.gladkov.alexey@gmail.com> X-Mailer: git-send-email 2.29.3 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.6.4 (raptor.unsafe.ru [0.0.0.0]); Fri, 12 Mar 2021 16:42:02 +0000 (UTC) Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org When procfs is mounted with subset=pid option, where is no way to remount it with this option removed. This is done in order not to make visible what ever was hidden since some checks occur during mount. This patch makes the limitation explicit and prints an error message. Signed-off-by: Alexey Gladkov --- fs/proc/root.c | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/fs/proc/root.c b/fs/proc/root.c index 6a75ac717455..0d20bb67e79a 100644 --- a/fs/proc/root.c +++ b/fs/proc/root.c @@ -145,7 +145,7 @@ static int proc_parse_param(struct fs_context *fc, struct fs_parameter *param) return 0; } -static void proc_apply_options(struct proc_fs_info *fs_info, +static int proc_apply_options(struct proc_fs_info *fs_info, struct fs_context *fc, struct user_namespace *user_ns) { @@ -155,8 +155,12 @@ static void proc_apply_options(struct proc_fs_info *fs_info, fs_info->pid_gid = make_kgid(user_ns, ctx->gid); if (ctx->mask & (1 << Opt_hidepid)) fs_info->hide_pid = ctx->hidepid; - if (ctx->mask & (1 << Opt_subset)) + if (ctx->mask & (1 << Opt_subset)) { + if (ctx->pidonly != PROC_PIDONLY_ON && fs_info->pidonly == PROC_PIDONLY_ON) + return invalf(fc, "proc: subset=pid cannot be unset\n"); fs_info->pidonly = ctx->pidonly; + } + return 0; } static int proc_fill_super(struct super_block *s, struct fs_context *fc) @@ -172,7 +176,9 @@ static int proc_fill_super(struct super_block *s, struct fs_context *fc) fs_info->pid_ns = get_pid_ns(ctx->pid_ns); fs_info->mounter_cred = get_cred(fc->cred); - proc_apply_options(fs_info, fc, current_user_ns()); + ret = proc_apply_options(fs_info, fc, current_user_ns()); + if (ret) + return ret; /* User space would break if executables or devices appear on proc */ s->s_iflags |= SB_I_USERNS_VISIBLE | SB_I_NOEXEC | SB_I_NODEV; @@ -224,8 +230,7 @@ static int proc_reconfigure(struct fs_context *fc) put_cred(fs_info->mounter_cred); fs_info->mounter_cred = get_cred(fc->cred); - proc_apply_options(fs_info, fc, current_user_ns()); - return 0; + return proc_apply_options(fs_info, fc, current_user_ns()); } static int proc_get_tree(struct fs_context *fc) -- 2.29.3