Re: [PATCH] [RFC][WIP] namespace.c: Allow some unprivileged proc mounts when not fully visible

From: Alexey Dobriyan
Date: Wed Apr 04 2018 - 13:49:19 EST

Next message: David Miller: "[GIT] Networking"
Previous message: Sinan Kaya: "Re: [PATCH v2 2/2] io: prevent compiler reordering on the default readX() implementation"
In reply to: Alexey Dobriyan: "Re: [PATCH] [RFC][WIP] namespace.c: Allow some unprivileged proc mounts when not fully visible"
Next in thread: Eric W. Biederman: "Re: [PATCH] [RFC][WIP] namespace.c: Allow some unprivileged proc mounts when not fully visible"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> The only option I have seen proposed that might qualify as something
> general purpose and simple is a new filesystem that is just the process
> directories of proc.

While "mount -t pid" and "mount -t sysctl" are decades overdue, I don't
think they cover everything.

IIRC some gcc versions read /proc/meminfo on every invocation. Now
imagine such program doesn't have a fallback if /proc/ doesn't exist
(how many thousands such programs are there?) So user is going to ask
for /proc with just /proc/meminfo only. At this point it is back to
nearly full /proc.

Next message: David Miller: "[GIT] Networking"
Previous message: Sinan Kaya: "Re: [PATCH v2 2/2] io: prevent compiler reordering on the default readX() implementation"
In reply to: Alexey Dobriyan: "Re: [PATCH] [RFC][WIP] namespace.c: Allow some unprivileged proc mounts when not fully visible"
Next in thread: Eric W. Biederman: "Re: [PATCH] [RFC][WIP] namespace.c: Allow some unprivileged proc mounts when not fully visible"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]