Re: [PATCH v10 5/7] proc: prevent reconfiguring subset=pid
From: Aleksa Sarai
Date: Mon Apr 27 2026 - 18:31:42 EST
On 2026-04-27, Alexey Gladkov <legion@xxxxxxxxxx> wrote:
> Changing subset=pid on an existing procfs instance is not safe. If a
> full procfs mount has entries hidden by overmounts, switching it to
> subset=pid would hide the top-level procfs entries from lookup and
> readdir while leaving the existing overmounts reachable.
>
> Reject attempts to change the subset=pid state during reconfigure before
> applying any other procfs mount options, so a failed reconfigure cannot
> partially update the instance.
>
> Signed-off-by: Alexey Gladkov <legion@xxxxxxxxxx>
> ---
> fs/proc/root.c | 15 +++++++++++----
> 1 file changed, 11 insertions(+), 4 deletions(-)
>
> diff --git a/fs/proc/root.c b/fs/proc/root.c
> index 89e5678129e4..1bf75a4ee146 100644
> --- a/fs/proc/root.c
> +++ b/fs/proc/root.c
> @@ -223,12 +223,17 @@ static int proc_parse_param(struct fs_context *fc, struct fs_parameter *param)
> return 0;
> }
>
> -static void proc_apply_options(struct proc_fs_info *fs_info,
> +static int proc_apply_options(struct proc_fs_info *fs_info,
> struct fs_context *fc,
> struct user_namespace *user_ns)
> {
> struct proc_fs_context *ctx = fc->fs_private;
>
> + if ((ctx->mask & (1 << Opt_subset)) &&
> + fc->purpose == FS_CONTEXT_FOR_RECONFIGURE &&
> + ctx->pidonly != fs_info->pidonly)
> + return invalf(fc, "proc: subset=pid cannot be changed\n");
Minor nit: Unless I'm missing something, you can just use invalfc here
to auto-add the "proc" prefix (which is what most things do). Also, the
newline is unnecessary and will look odd in mount(8) as nobody else adds
newlines (the fs_context log is not newline-separated).
--
Aleksa Sarai
https://www.cyphar.com/
Attachment:
signature.asc
Description: PGP signature