From patchwork Wed Jan 25 15:28:53 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alexey Gladkov X-Patchwork-Id: 13115812 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 640A7C27C76 for ; Wed, 25 Jan 2023 15:30:01 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235827AbjAYPaA (ORCPT ); Wed, 25 Jan 2023 10:30:00 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51794 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236062AbjAYP3u (ORCPT ); Wed, 25 Jan 2023 10:29:50 -0500 Received: from us-smtp-delivery-44.mimecast.com (us-smtp-delivery-44.mimecast.com [205.139.111.44]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0059D59E54 for ; Wed, 25 Jan 2023 07:29:44 -0800 (PST) Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-554-J2YxgZukPJadicB8_9FLOw-1; Wed, 25 Jan 2023 10:29:38 -0500 X-MC-Unique: J2YxgZukPJadicB8_9FLOw-1 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.rdu2.redhat.com [10.11.54.4]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 97A4E800B30; Wed, 25 Jan 2023 15:29:37 +0000 (UTC) Received: from comp-core-i7-2640m-0182e6.redhat.com (ovpn-208-16.brq.redhat.com [10.40.208.16]) by smtp.corp.redhat.com (Postfix) with ESMTP id D290B2026D4B; Wed, 25 Jan 2023 15:29:35 +0000 (UTC) From: Alexey Gladkov To: LKML , containers@lists.linux.dev, linux-fsdevel@vger.kernel.org Cc: Alexey Dobriyan , Al Viro , Andrew Morton , Christian Brauner , Val Cowan Subject: [RFC PATCH v1 6/6] doc: proc: Add description of subset=allowlist Date: Wed, 25 Jan 2023 16:28:53 +0100 Message-Id: In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.1 on 10.11.54.4 Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org Signed-off-by: Alexey Gladkov --- Documentation/filesystems/proc.rst | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/Documentation/filesystems/proc.rst b/Documentation/filesystems/proc.rst index e224b6d5b642..c2598bca8193 100644 --- a/Documentation/filesystems/proc.rst +++ b/Documentation/filesystems/proc.rst @@ -2213,6 +2213,16 @@ information about processes information, just add identd to this group. subset=pid hides all top level files and directories in the procfs that are not related to tasks. +subset=allowlist allows you to specify a list of files and directories to +which you want to provide access. If the option is specified, then the +/proc/allowlist will appear at the top level of the filesystem. By default, this +file contains only its name. The user can add or remove other filenames and +directories. To prohibit editing the allowlist, you need to exclude its name +from the list of allowed ones. + +Different subset= option arguments can be combined using the plus(+) delimiter. +For example: subset=pid+allowlist + Chapter 5: Filesystem behavior ==============================