From patchwork Wed Jan 25 15:28:47 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alexey Gladkov X-Patchwork-Id: 4515 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp339180wrn; Wed, 25 Jan 2023 07:38:58 -0800 (PST) X-Google-Smtp-Source: AMrXdXvrh9MgjgF4hSmWMgEJ8QAz0vrFUtioRPaHVdGp7SejvsrB1d879SqNWjKNLVmRM6Wr1Jvj X-Received: by 2002:a05:6a20:7d8e:b0:b8:8060:ce5c with SMTP id v14-20020a056a207d8e00b000b88060ce5cmr43667136pzj.44.1674661138075; Wed, 25 Jan 2023 07:38:58 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1674661138; cv=none; d=google.com; s=arc-20160816; b=wDdKvngrp4Fx7qU9GQvPr1Vepwd/8CdcfRr99gb1nIZ5q5uAu7W6XsYrpNdfsVvPXF pDIs4EyexUui0G80SQuAK+L9HIrH6C/Nn+JaJDQzrh7tmsSHygTpiZEqJhMXVEaTUHKJ K2bdubdvP7Qw786ZkjdKLv8UD7+Db1ilm6+Um4jwT+xuu722p0BIkrHdkA/UQX6oeE4B 25/I/QB3C2a5bGrb3vfSAmIlFZxi4nWwN3eRg770vwwSg6Zg2W+66aDLTJwoRAF7JzY8 AtltmjDyZP2PDEEA3ThZIXq6ae2Xlbvba0urfldeEu216ESlwtgbbtRHos8g5o68F/d3 bY1w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from; bh=U4n5tmc5Pyx4dlmxamm0UMXyiFAAB7NPSiZWVDhkn7s=; b=DKiPaG5751CyZVsFpiRpIUVJ4PdJu3iXMLPFnkxoTzRMCl7+AqAtwVfXWmgeJ4ZGGH U2NHR1cxKTdGxhGdqP2VGDw+k/shbIbD4hNEtXYPIR8I/+1SFHqiVW1ndWvRzNkkXlYi czaB11Ts2AqML5eSORAJLvT1wRTe0K9SB146dMZjxYkETtwdp7zQ/UHdSBpMmH9N81LN 6wYwOc4Z3piUOYD736NR0Qv42zYHi7Ss92HK0GRQVc6F6k5xEjrQ76mfiHbMnXFv0cPv Io+SQbjxQ6GuANQfgMTS3Eby0bRiHIYmv6QLf70djgI9Dx3a4ffe6jGWoHauEBSsdeuh ngfg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id k9-20020a63ab49000000b0049800401654si5467952pgp.348.2023.01.25.07.38.44; Wed, 25 Jan 2023 07:38:58 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235947AbjAYP3k (ORCPT + 99 others); Wed, 25 Jan 2023 10:29:40 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51010 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235827AbjAYP3e (ORCPT ); Wed, 25 Jan 2023 10:29:34 -0500 Received: from us-smtp-delivery-44.mimecast.com (us-smtp-delivery-44.mimecast.com [205.139.111.44]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2C4F429E25 for ; Wed, 25 Jan 2023 07:29:29 -0800 (PST) Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-312-3EfvZVd9OROi4KMasCLRNA-1; Wed, 25 Jan 2023 10:29:25 -0500 X-MC-Unique: 3EfvZVd9OROi4KMasCLRNA-1 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.rdu2.redhat.com [10.11.54.4]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 1ECAC802D1B; Wed, 25 Jan 2023 15:29:25 +0000 (UTC) Received: from comp-core-i7-2640m-0182e6.redhat.com (ovpn-208-16.brq.redhat.com [10.40.208.16]) by smtp.corp.redhat.com (Postfix) with ESMTP id 5D2FF2026D4B; Wed, 25 Jan 2023 15:29:23 +0000 (UTC) From: Alexey Gladkov To: LKML , containers@lists.linux.dev, linux-fsdevel@vger.kernel.org Cc: Alexey Dobriyan , Al Viro , Andrew Morton , Christian Brauner , Val Cowan Subject: [RFC PATCH v1 0/6] proc: Add allowlist for procfs files Date: Wed, 25 Jan 2023 16:28:47 +0100 Message-Id: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.1 on 10.11.54.4 X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_LOW, SPF_HELO_NONE,SPF_SOFTFAIL autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1756009477530637477?= X-GMAIL-MSGID: =?utf-8?q?1756009477530637477?= The patch expands subset= option. If the proc is mounted with the subset=allowlist option, the /proc/allowlist file will appear. This file contains the filenames and directories that are allowed for this mountpoint. By default, /proc/allowlist contains only its own name. Changing the allowlist is possible as long as it is present in the allowlist itself. This allowlist is applied in lookup/readdir so files that will create modules after mounting will not be visible. Compared to the previous patches [1][2], I switched to a special virtual file from listing filenames in the mount options. [1] https://lore.kernel.org/lkml/20200604200413.587896-1-gladkov.alexey@gmail.com/ [2] https://lore.kernel.org/lkml/YZvuN0Wqmn7XB4dX@localhost.localdomain/ Signed-off-by: Alexey Gladkov --- Alexey Gladkov (6): proc: Fix separator for subset option proc: Add allowlist to control access to procfs files proc: Check that subset= option has been set proc: Allow to use the allowlist filter in userns proc: Validate incoming allowlist doc: proc: Add description of subset=allowlist Documentation/filesystems/proc.rst | 10 + fs/proc/Kconfig | 10 + fs/proc/Makefile | 1 + fs/proc/generic.c | 15 +- fs/proc/inode.c | 16 +- fs/proc/internal.h | 33 ++++ fs/proc/proc_allowlist.c | 300 +++++++++++++++++++++++++++++ fs/proc/root.c | 36 +++- include/linux/proc_fs.h | 18 +- 9 files changed, 420 insertions(+), 19 deletions(-) create mode 100644 fs/proc/proc_allowlist.c