Received: by 2002:a05:6359:c8b:b0:c7:702f:21d4 with SMTP id go11csp2800314rwb; Thu, 29 Sep 2022 15:29:09 -0700 (PDT) X-Google-Smtp-Source: AMsMyM55raMJe5r/KpKWDQYV1SW3P1laT+XrXP2yk5a9+OcQk/O1c+1P+k6oxU5AIKAOu/B1Bbmp X-Received: by 2002:a17:90a:3989:b0:205:e4c2:e09b with SMTP id z9-20020a17090a398900b00205e4c2e09bmr6121940pjb.190.1664490549701; Thu, 29 Sep 2022 15:29:09 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1664490549; cv=none; d=google.com; s=arc-20160816; b=bmL06HXENV5X73m1yZLLfc3NEHGaMushP4ML7hZislhpiqkTnCHR8yaM5CWnv73weX 0e3d566cTJd4QuySQFt1KQHr7NgWf0JumzLFhLCjlsjTAw2war+qbhCkLLJ9MW50FId7 1BuVxIqTK8H2dKzWkQf6r1Ekv8SXUBukiHUnaP4QzyJGv12KGAYmMavn3bjs27yU+qnh uUmEuyfVtGPvpc6HoYoO/x4g+gkG749s4qT1e4vtjLS1DocZzZVncMIq8MCy3YRKgdxR bKwiTEDui4HbCbzF3xysc8D9Ta/DzsXZMSRRVl16Ntc3LRHHnsQ1JCVrWm6baW8ZI3Ov 1JLA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:subject:mime-version:user-agent:message-id :in-reply-to:date:references:cc:to:from; bh=Xt63LwzF78zaUrgjeVWrFgRFEWel66xg6DMdztspA8s=; b=Dq5oRhzFqy9RdwwpJGFilsXDc5s2UbCfTVs3pu06TKFDYedySxEHKimvNDrasPIOJc Qbf3vJeUYz1p5F0+3Um9cRjytnma+OwSHKOZRtu5Xj0oBC+UrhZGJvQY12fRlPeI6EfF ppEFDsKcvUStSmTRUaJKuGWxkUl9QVGP67jVc3rhufKAN+BVkbS7c4UbLqRdvv1KdbfI DHrgbDZkFMKHCN6WwtVCOXYLH3jcHgvPBCG7IgZzc2dVQeEFTzfRLHCswI0EeHGXmx8E 4aJ9pC/dHVet2vcF2P0ubTxSEkYhejiHXm8mMmYHbKbjb7+6dMBZOMBKMH/5Du4UMkwB IYlA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=xmission.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id j9-20020a635509000000b0042ad04f3686si1014216pgb.616.2022.09.29.15.28.57; Thu, 29 Sep 2022 15:29:09 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=xmission.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229960AbiI2WP4 (ORCPT + 99 others); Thu, 29 Sep 2022 18:15:56 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55164 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229908AbiI2WPw (ORCPT ); Thu, 29 Sep 2022 18:15:52 -0400 Received: from out02.mta.xmission.com (out02.mta.xmission.com [166.70.13.232]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3D655FE066; Thu, 29 Sep 2022 15:15:51 -0700 (PDT) Received: from in02.mta.xmission.com ([166.70.13.52]:55560) by out02.mta.xmission.com with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.93) (envelope-from ) id 1oe1oq-002lCZ-1p; Thu, 29 Sep 2022 16:15:48 -0600 Received: from ip68-110-29-46.om.om.cox.net ([68.110.29.46]:45284 helo=email.froward.int.ebiederm.org.xmission.com) by in02.mta.xmission.com with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.93) (envelope-from ) id 1oe1op-000Pl2-7Q; Thu, 29 Sep 2022 16:15:47 -0600 From: "Eric W. Biederman" To: Linus Torvalds Cc: Al Viro , David Laight , "linux-kernel@vger.kernel.org" , "netdev@vger.kernel.org" , "Serge E. Hallyn" References: Date: Thu, 29 Sep 2022 17:14:15 -0500 In-Reply-To: (Linus Torvalds's message of "Thu, 29 Sep 2022 14:29:03 -0700") Message-ID: <871qrt4ymg.fsf@email.froward.int.ebiederm.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-XM-SPF: eid=1oe1op-000Pl2-7Q;;;mid=<871qrt4ymg.fsf@email.froward.int.ebiederm.org>;;;hst=in02.mta.xmission.com;;;ip=68.110.29.46;;;frm=ebiederm@xmission.com;;;spf=softfail X-XM-AID: U2FsdGVkX1/Kgg40InDQOLmiJmmc2A5ti3S+yB3YXvs= X-SA-Exim-Connect-IP: 68.110.29.46 X-SA-Exim-Mail-From: ebiederm@xmission.com X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-DCC: XMission; sa04 1397; Body=1 Fuz1=1 Fuz2=1 X-Spam-Combo: ****;Linus Torvalds X-Spam-Relay-Country: X-Spam-Timing: total 305 ms - load_scoreonly_sql: 0.06 (0.0%), signal_user_changed: 10 (3.2%), b_tie_ro: 8 (2.7%), parse: 1.05 (0.3%), extract_message_metadata: 13 (4.1%), get_uri_detail_list: 0.91 (0.3%), tests_pri_-1000: 9 (3.0%), tests_pri_-950: 1.06 (0.3%), tests_pri_-900: 0.80 (0.3%), tests_pri_-90: 114 (37.2%), check_bayes: 111 (36.4%), b_tokenize: 4.7 (1.5%), b_tok_get_all: 5 (1.8%), b_comp_prob: 1.72 (0.6%), b_tok_touch_all: 96 (31.4%), b_finish: 0.99 (0.3%), tests_pri_0: 145 (47.4%), check_dkim_signature: 0.45 (0.1%), check_dkim_adsp: 10 (3.2%), poll_dns_idle: 0.74 (0.2%), tests_pri_10: 2.0 (0.7%), tests_pri_500: 7 (2.4%), rewrite_mail: 0.00 (0.0%) Subject: Re: [PATCH 3/4] proc: Point /proc/net at /proc/thread-self/net instead of /proc/self/net X-SA-Exim-Version: 4.2.1 (built Sat, 08 Feb 2020 21:53:50 +0000) X-SA-Exim-Scanned: Yes (on in02.mta.xmission.com) Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Linus Torvalds writes: > On Thu, Sep 29, 2022 at 2:15 PM Al Viro wrote: >> >> FWIW, what e.g. debian profile for dhclient has is >> @{PROC}/@{pid}/net/dev r, >> >> Note that it's not >> @{PROC}/net/dev r, > > Argh. Yeah, then a bind mount or a hardlink won't work either, you're > right. I was assuming that any Apparmor rules allowed for just > /proc/net. > > Oh well. I guess we're screwed any which way we turn. I actually think there is a solution. Instead of going to /proc/self/net -> /proc/tgid/net or /proc/thread-self/net -> /proc/tgid/task/tid/net We should be able to go to: /proc/tid/net That directory does not show up in readdir, but the tid directories were put in /proc because of how our pthread support evolved and gdb which made gdb expect them to be their. That should continue to work with the incomplete apparmor rules that don't allow accessing /proc/tgid/tid/net for some reason. Eric