|
Message-ID: <20180514090117.GC28179@comp-core-i7-2640m-0182e6> Date: Mon, 14 May 2018 11:01:17 +0200 From: Alexey Gladkov <gladkov.alexey@...il.com> To: Jann Horn <jannh@...gle.com> Cc: Kees Cook <keescook@...omium.org>, Andy Lutomirski <luto@...nel.org>, Andrew Morton <akpm@...ux-foundation.org>, linux-fsdevel@...r.kernel.org, kernel list <linux-kernel@...r.kernel.org>, Kernel Hardening <kernel-hardening@...ts.openwall.com>, linux-security-module <linux-security-module@...r.kernel.org>, Linux API <linux-api@...r.kernel.org>, Greg Kroah-Hartman <gregkh@...uxfoundation.org>, Alexander Viro <viro@...iv.linux.org.uk>, Akinobu Mita <akinobu.mita@...il.com>, Oleg Nesterov <oleg@...hat.com>, Jeff Layton <jlayton@...chiereds.net>, Ingo Molnar <mingo@...nel.org>, Alexey Dobriyan <adobriyan@...il.com>, "Eric W. Biederman" <ebiederm@...ssion.com>, Linus Torvalds <torvalds@...ux-foundation.org>, aniel Micay <danielmicay@...il.com>, Jonathan Corbet <corbet@....net>, bfields@...ldses.org, Stephen Rothwell <sfr@...b.auug.org.au>, Solar Designer <solar@...nwall.com>, "Dmitry V. Levin" <ldv@...linux.org>, Djalal Harouni <tixxdz@...il.com> Subject: Re: [PATCH v5 7/7] proc: add option to mount only a pids subset On Fri, May 11, 2018 at 03:58:39PM +0200, Jann Horn wrote: > On Fri, May 11, 2018 at 11:37 AM, Alexey Gladkov > <gladkov.alexey@...il.com> wrote: > > This allows to hide all files and directories in the procfs that are not > > related to tasks. > > /proc/$pid/net and /proc/$pid/task/$tid/net aren't in scope for this > protection, even though they contain information about the whole > network namespace of the task, right? Yes. The pidonly makes visible only pids subset. You can still access the process namespaces via /proc/$pid/ns. We can think of additional constraints since the parameters are not stored in the pid namespace anymore. -- Rgrds, legion
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.