author | Alexey Gladkov <gladkov.alexey@gmail.com> | 2020-04-19 16:10:54 +0200 |
---|---|---|
committer | Eric W. Biederman <ebiederm@xmission.com> | 2020-04-22 17:51:22 +0200 |
commit | 6814ef2d992af09451bbeda4770daa204461329e (patch) | |
tree | a0f3fad657964e61bc5c04e4add4e1255b33b7ed /fs/proc/inode.c | |
parent | proc: instantiate only pids that we can ptrace on 'hidepid=4' mount option (diff) | |
proc: add option to mount only a pids subset
This allows hiding all files and directories in procfs that are not
related to tasks.
Signed-off-by: Alexey Gladkov <gladkov.alexey@gmail.com>
Reviewed-by: Alexey Dobriyan <adobriyan@gmail.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Diffstat (limited to 'fs/proc/inode.c')
-rw-r--r-- | fs/proc/inode.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/fs/proc/inode.c b/fs/proc/inode.c
index 9c756531282a..0d5e68fa842f 100644
--- a/fs/proc/inode.c
+++ b/fs/proc/inode.c
@@ -173,6 +173,8 @@ static int proc_show_options(struct seq_file *seq, struct dentry *root)
 seq_printf(seq, ",gid=%u", from_kgid_munged(&init_user_ns, fs_info->pid_gid));
 if (fs_info->hide_pid != HIDEPID_OFF)
 seq_printf(seq, ",hidepid=%u", fs_info->hide_pid);
+ if (fs_info->pidonly != PROC_PIDONLY_OFF)
+ seq_printf(seq, ",subset=pid");
 return 0;
 }
@@ -463,6 +465,7 @@ proc_reg_get_unmapped_area(struct file *file, unsigned long orig_addr,
 static int proc_reg_open(struct inode *inode, struct file *file)
 {
+ struct proc_fs_info *fs_info = proc_sb_info(inode->i_sb);
 struct proc_dir_entry *pde = PDE(inode);
 int rv = 0;
 typeof_member(struct proc_ops, proc_open) open;
@@ -476,6 +479,9 @@ static int proc_reg_open(struct inode *inode, struct file *file)
 return rv;
 }
+ if (fs_info->pidonly == PROC_PIDONLY_ON)
+ return -ENOENT;
+
 /*
 * Ensure that
 * 1) PDE's ->release hook will be called no matter what |
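Review bot: The added `seq_printf(seq, ",subset=pid");` in proc_show_options passes a constant string with no conversion, so `seq_puts(seq, ",subset=pid");` is the usual form and skips format parsing. The test here is `!= PROC_PIDONLY_OFF`, while the open-path check in the third hunk is `== PROC_PIDONLY_ON`. If the field ever gains a third value the two would disagree, so using one form in both places keeps what the mount options report aligned with what is enforced. proc_show_options starts outside the hunk.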
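Review bot: The new `pidonly` check in proc_reg_open sits after an earlier block that ends in `return rv;`, so any open handled by that block returns before `subset=pid` is consulted. That block's condition is outside the hunk; if it covers entries the option is meant to hide, they would still be openable through an already-instantiated inode. Moving `if (fs_info->pidonly == PROC_PIDONLY_ON) return -ENOENT;` to the top of the function, ahead of that block, would close this. The page shows only this file, so lookup-time filtering elsewhere in the commit may already make the path unreachable. A short comment such as `/* subset=pid: non-pid entries must not be openable */` would record whether this check is the primary gate or defence in depth.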