Kees Cook <keescook@xxxxxxxxxxxx> writes:
Ah! I see the v2 here now. :) Can you please include that in your
Subject next time, as "[PATCH v2] proc: Allow restricting permissions
in /proc/sys"? Also, can you adjust your MUA to not send a duplicate
attachment? The patch inline is fine.
Please CC akpm as well, since I think this should likely go through the
-mm tree.
Eric, do you have any other thoughts on this?
This works seems to be a cousin of having a proc that is safe for
containers.
Which leads to the whole mess that hide_pid is broken in proc last I
looked.
So my sense is that what we want to do is not allow changing the
permissions but to sort through what it will take to provide actual
mount options to proc (that are per mount). Thus removing the sharing
that is (currently?) breaking the hide_pid option.
With such an infrastructure in place we can provide a mount option
(possibly default on when mounted by non-root) that keeps anything that
unprivileged users don't need out of proc. Which is likely to be most
things except the pid files.
It is something I probably should be working on, but I got derailed
by the disaster that has that happened with mounting. Even after
I gave code review and showed them how to avoid it the new mount api
is still not possible to use safely.