Re: [PATCH v2] proc: "mount -o lookup=" support
From: Alexey Dobriyan
Date: Thu Jan 20 2022 - 07:26:34 EST
On Wed, Jan 19, 2022 at 06:04:32PM +0100, Alexey Gladkov wrote:
> On Wed, Jan 19, 2022 at 06:48:03PM +0300, Alexey Dobriyan wrote:
> > From 61376c85daab50afb343ce50b5a97e562bc1c8d3 Mon Sep 17 00:00:00 2001
> > From: Alexey Dobriyan <adobriyan@xxxxxxxxx>
> > Date: Mon, 22 Nov 2021 20:41:06 +0300
> > Subject: [PATCH 1/1] proc: "mount -o lookup=..." support
> >
> > Docker implements the MaskedPaths configuration option
> >
> > https://github.com/estesp/docker/blob/9c15e82f19b0ad3c5fe8617a8ec2dddc6639f40a/oci/defaults.go#L97
> >
> > to disable certain /proc files. It overmounts them with /dev/null.
> >
> > Implement a proper mount option which selectively disables lookup/readdir
> > in the top-level /proc directory so that MaskedPaths doesn't need
> > to be updated as time goes on.
> >
> > Syntax is
> >
> > Filter everything
> > # mount -t proc -o lookup=/ proc /proc
> > # ls /proc
> > dr-xr-xr-x 8 root root 0 Nov 22 21:12 995
> > lrwxrwxrwx 1 root root 0 Nov 22 21:12 self -> 1163
> > lrwxrwxrwx 1 root root 0 Nov 22 21:12 thread-self -> 1163/task/1163
> >
> > Allow /proc/cpuinfo and /proc/uptime
> > # mount -t proc proc -o lookup=cpuinfo/uptime /proc
> >
> > # ls /proc
> > ...
> > dr-xr-xr-x 8 root root 0 Nov 22 21:12 995
> > -r--r--r-- 1 root root 0 Nov 22 21:12 cpuinfo
> > lrwxrwxrwx 1 root root 0 Nov 22 21:12 self -> 1163
> > lrwxrwxrwx 1 root root 0 Nov 22 21:12 thread-self -> 1163/task/1163
> > -r--r--r-- 1 root root 0 Nov 22 21:12 uptime
> >
> > Trailing slash is optional but saves 1 allocation.
> > Trailing slash is mandatory for "filter everything".
> >
> > Remounting with lookup= is disabled so that files and dcache entries
> > don't stay active while the filter list is changed. Users are supposed
> > to unmount and mount again with a different lookup= set.
> > Remount rules may change in the future. (Eric W. Biederman)
> >
> > Re: speed
> > This is the price for filtering; given that lookup= is a whitelist, it is
> > not supposed to be very long. Second, it is one linear memory scan per
> > lookup; there are no linked lists. It may in fact be faster than an rbtree.
> > It consumes 1 allocation per superblock, which is the list of names itself.
> >
> > Signed-off-by: Alexey Dobriyan <adobriyan@xxxxxxxxx>
> > ---
> >
> > v2
> > documentation!
> > descriptive comments!
> > disable remount
> >
> > Documentation/filesystems/proc.rst | 8 ++
> > fs/proc/generic.c | 18 ++--
> > fs/proc/internal.h | 31 ++++++-
> > fs/proc/proc_net.c | 2 +-
> > fs/proc/root.c | 127 ++++++++++++++++++++++++++++-
> > include/linux/proc_fs.h | 2 +
> > 6 files changed, 178 insertions(+), 10 deletions(-)
> >
> > diff --git a/Documentation/filesystems/proc.rst b/Documentation/filesystems/proc.rst
> > index 8d7f141c6fc7..9a328f0b4346 100644
> > --- a/Documentation/filesystems/proc.rst
> > +++ b/Documentation/filesystems/proc.rst
> > @@ -2186,6 +2186,7 @@ The following mount options are supported:
> > hidepid= Set /proc/<pid>/ access mode.
> > gid= Set the group authorized to learn processes information.
> > subset= Show only the specified subset of procfs.
> > + lookup= Top-level /proc filter, independent of subset=
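Review bot: The one-line summary added to the option table, "Top-level /proc filter, independent of subset=", does not say that lookup= is an allow-list, and "independent of subset=" reads oddly next to the longer description added to the same file, which says an empty list is equivalent to subset=pid and that lookup= filters before subset= when both are supplied. Suggest wording along the lines of "Allow only the listed top-level /proc entries" and leaving the interaction with subset= to the detailed paragraph.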
>
> Will it be possible to combine lookup= and subset= options when mounting?
Currently only subset=pid is implemented, which is equivalent to

    mount -t proc -o lookup=/ proc /proc

In the future subset= might expand and lookup= could filter whatever is
exposed.
> > +lookup= mount option makes available only listed files/directories in
> > +the top-level /proc directory. Individual names are separated
> > +by slash. Empty list is equivalent to subset=pid. lookup= filters before
> > +subset= if both options are supplied. lookup= doesn't affect /proc/${pid}
> > +directories availability as well as /proc/self and /proc/thread-self
> > +symlinks. More fine-grained filtering is not supported at the moment.
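Review bot: The added paragraph leaves out two things that the commit message states and that an administrator relying on this option for container hardening will look for in proc.rst: that the empty list is written as "lookup=/" (the trailing slash is mandatory for filtering everything), and that remounting with lookup= is disabled, so changing the list means unmounting and mounting again. Suggest adding both to this paragraph, together with a short example such as "lookup=cpuinfo/uptime". The sentence "lookup= filters before subset= if both options are supplied" would also benefit from saying what happens to a name that lookup= allows but subset= excludes.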