[<prev] [next>] [day] [month] [year] [list]
Date: Fri, 3 Jun 2011 23:11:53 +0400
From: Solar Designer <solar@...nwall.com>
To: owl-dev@...ts.openwall.com
Cc: Eugene Teo <eugeneteo@...il.com>
Subject: procfs mount options
Vasiliy, Eugene, all -
I welcome suggestions on how to achieve the desired functionality for
procfs in a non-confusing and generic way. It should support the
following reasonable configuration:
/proc/PID directories restricted to group proc (except for owners and
root, indeed). However, /proc/cpuinfo and the like unrestricted.
Here's what this looks like on Linux 2.4.x-ow:
dr-xr-x--- 3 root proc 0 Jun 3 22:59 1
...
dr-xr-x--- 3 syslogd proc 0 Jun 3 22:59 205
dr-xr-x--- 3 klogd proc 0 Jun 3 22:59 211
...
-r--r--r-- 1 root proc 0 Jun 3 23:00 cpuinfo
...
-r-------- 1 root proc 536743936 Jun 3 23:00 kcore
-r-------- 1 root proc 0 May 5 20:36 kmsg
...
dr-xr-x--- 5 root proc 0 Jun 3 23:00 net
...
-r--r--r-- 1 root proc 0 Jun 3 23:00 uptime
-r--r--r-- 1 root proc 0 Jun 3 23:00 version
Perhaps gid=proc,umask=007 should result in the above for /proc/PID, but
how do we justify it not affecting /proc/cpuinfo, uptime, version (and
many others)? How do we justify it nevertheless affecting /proc/net (or
should another option do that)?
Indeed, we could set some of these perms with chmod post-mount, but as
discussed this has drawbacks. So ideally our preferred configuration
(which will be the default on Owl) should be achievable with mount
options alone.
Thanks,
Alexander
Powered by blists - more mailing lists
Powered by Openwall GNU/*/Linux -
Powered by OpenVZ
