Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

docs: proc: add documentation for "hidepid=4" and "subset=pid" options and new mount behavior

Signed-off-by: Alexey Gladkov <gladkov.alexey@gmail.com>
Reviewed-by: Alexey Dobriyan <adobriyan@gmail.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>

authored by Alexey Gladkov and committed by Eric W. Biederman
37e7647a 6814ef2d

+54
Documentation/filesystems/proc.rst
··· 51 51 4 Configuring procfs 52 52 4.1 Mount options 53 53 54 + 5 Filesystem behavior 55 + 54 56 Preface 55 57 ======= 56 58 ··· 2144 2142 ========= ======================================================== 2145 2143 hidepid= Set /proc/<pid>/ access mode. 2146 2144 gid= Set the group authorized to learn processes information. 2145 + subset= Show only the specified subset of procfs. 2147 2146 ========= ======================================================== 2148 2147 2149 2148 hidepid=0 means classic mode - everybody may access all /proc/<pid>/ directories ··· 2167 2164 privileges, whether other user runs some sensitive program, whether other users 2168 2165 run any program at all, etc. 2169 2166 2167 + hidepid=4 means that procfs should only contain /proc/<pid>/ directories 2168 + that the caller can ptrace. 2169 + 2170 2170 gid= defines a group authorized to learn processes information otherwise 2171 2171 prohibited by hidepid=. If you use some daemon like identd which needs to learn 2172 2172 information about processes information, just add identd to this group. 2173 + 2174 + subset=pid hides all top level files and directories in the procfs that 2175 + are not related to tasks. 2176 + 2177 + 5 Filesystem behavior 2178 + ---------------------------- 2179 + 2180 + Originally, before the advent of pid namepsace, procfs was a global file 2181 + system. It means that there was only one procfs instance in the system. 2182 + 2183 + When pid namespace was added, a separate procfs instance was mounted in 2184 + each pid namespace. So, procfs mount options are global among all 2185 + mountpoints within the same namespace. 
2186 + 2187 + :: 2188 + 2189 + # grep ^proc /proc/mounts 2190 + proc /proc proc rw,relatime,hidepid=2 0 0 2191 + 2192 + # strace -e mount mount -o hidepid=1 -t proc proc /tmp/proc 2193 + mount("proc", "/tmp/proc", "proc", 0, "hidepid=1") = 0 2194 + +++ exited with 0 +++ 2195 + 2196 + # grep ^proc /proc/mounts 2197 + proc /proc proc rw,relatime,hidepid=2 0 0 2198 + proc /tmp/proc proc rw,relatime,hidepid=2 0 0 2199 + 2200 + and only after remounting procfs mount options will change at all 2201 + mountpoints. 2202 + 2203 + # mount -o remount,hidepid=1 -t proc proc /tmp/proc 2204 + 2205 + # grep ^proc /proc/mounts 2206 + proc /proc proc rw,relatime,hidepid=1 0 0 2207 + proc /tmp/proc proc rw,relatime,hidepid=1 0 0 2208 + 2209 + This behavior is different from the behavior of other filesystems. 2210 + 2211 + The new procfs behavior is more like other filesystems. Each procfs mount 2212 + creates a new procfs instance. Mount options affect own procfs instance. 2213 + It means that it became possible to have several procfs instances 2214 + displaying tasks with different filtering options in one pid namespace. 2215 + 2216 + # mount -o hidepid=2 -t proc proc /proc 2217 + # mount -o hidepid=1 -t proc proc /tmp/proc 2218 + # grep ^proc /proc/mounts 2219 + proc /proc proc rw,relatime,hidepid=2 0 0 2220 + proc /tmp/proc proc rw,relatime,hidepid=1 0 0
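Review bot: the new table row "subset= Show only the specified subset of procfs." (second hunk, line 2145) does not say which values are accepted, while the prose added later in this patch documents only "subset=pid". Consider stating the accepted value(s) directly in the table, e.g. "subset= Show only the specified subset of procfs (currently only 'pid')." so that a reader of the option table does not have to search the rest of the section to learn what can be passed.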
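Review bot: three points in the third hunk. First, "before the advent of pid namepsace" (line 2180) misspells "namespace". Second, only the first shell transcript is introduced by "::" (line 2187); the second transcript beginning "# mount -o remount,hidepid=1 -t proc proc /tmp/proc" (line 2203) and the third beginning "# mount -o hidepid=2 -t proc proc /proc" (line 2216) are not, so reStructuredText will render those command lines and the /proc/mounts output as run-together paragraphs rather than literal blocks; add "::" before each of them as was done for the first. Third, the hidepid=4 description (lines 2167-2168) says directories "that the caller can ptrace" without stating which ptrace access mode is checked or whether gid= overrides it the way the existing gid= paragraph describes for the other hidepid modes; since this is the mode a hardening-minded administrator will reach for, spelling both out here would avoid guesswork about what a process in the authorized group can still see.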