From patchwork Wed Jan 25 15:28:47 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alexey Gladkov X-Patchwork-Id: 13115811 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id D7657C54E94 for ; Wed, 25 Jan 2023 15:29:40 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236005AbjAYP3i (ORCPT ); Wed, 25 Jan 2023 10:29:38 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51168 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235873AbjAYP3e (ORCPT ); Wed, 25 Jan 2023 10:29:34 -0500 Received: from us-smtp-delivery-44.mimecast.com (us-smtp-delivery-44.mimecast.com [205.139.111.44]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2CC8C2BEC2 for ; Wed, 25 Jan 2023 07:29:29 -0800 (PST) Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-312-3EfvZVd9OROi4KMasCLRNA-1; Wed, 25 Jan 2023 10:29:25 -0500 X-MC-Unique: 3EfvZVd9OROi4KMasCLRNA-1 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.rdu2.redhat.com [10.11.54.4]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 1ECAC802D1B; Wed, 25 Jan 2023 15:29:25 +0000 (UTC) Received: from comp-core-i7-2640m-0182e6.redhat.com (ovpn-208-16.brq.redhat.com [10.40.208.16]) by smtp.corp.redhat.com (Postfix) with ESMTP id 5D2FF2026D4B; Wed, 25 Jan 2023 15:29:23 +0000 (UTC) From: Alexey Gladkov To: LKML , containers@lists.linux.dev, linux-fsdevel@vger.kernel.org Cc: Alexey Dobriyan , Al Viro , Andrew Morton , Christian Brauner , Val Cowan Subject: [RFC PATCH v1 0/6] proc: Add allowlist for procfs files Date: Wed, 25 Jan 2023 16:28:47 +0100 Message-Id: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.1 on 10.11.54.4 Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org The patch expands subset= option. If the proc is mounted with the subset=allowlist option, the /proc/allowlist file will appear. This file contains the filenames and directories that are allowed for this mountpoint. By default, /proc/allowlist contains only its own name. Changing the allowlist is possible as long as it is present in the allowlist itself. This allowlist is applied in lookup/readdir so files that will create modules after mounting will not be visible. Compared to the previous patches [1][2], I switched to a special virtual file from listing filenames in the mount options. [1] https://lore.kernel.org/lkml/20200604200413.587896-1-gladkov.alexey@gmail.com/ [2] https://lore.kernel.org/lkml/YZvuN0Wqmn7XB4dX@localhost.localdomain/ Signed-off-by: Alexey Gladkov --- Alexey Gladkov (6): proc: Fix separator for subset option proc: Add allowlist to control access to procfs files proc: Check that subset= option has been set proc: Allow to use the allowlist filter in userns proc: Validate incoming allowlist doc: proc: Add description of subset=allowlist Documentation/filesystems/proc.rst | 10 + fs/proc/Kconfig | 10 + fs/proc/Makefile | 1 + fs/proc/generic.c | 15 +- fs/proc/inode.c | 16 +- fs/proc/internal.h | 33 ++++ fs/proc/proc_allowlist.c | 300 +++++++++++++++++++++++++++++ fs/proc/root.c | 36 +++- include/linux/proc_fs.h | 18 +- 9 files changed, 420 insertions(+), 19 deletions(-) create mode 100644 fs/proc/proc_allowlist.c