Re: [PATCH] proc: move mount options out of pid_namespace

2013-07-10 Thread Stephen Mell
On Wednesday, July 10, 2013 07:59:08 Eric W. Biederman wrote: > Stephen Mell writes: > > > Currently, the proc mount options hidepid and pidgid are stored on the > > pid_namespace struct that serves as proc's superblock info. As a > > result, mounting proc fro

[PATCH] proc: move mount options out of pid_namespace

2013-07-10 Thread Stephen Mell
a new struct, proc_sb_info, which contains the mount options and a reference to the pid namespace. This should enable a future patch to make the pid namespace a mount option. Signed-off-by: Stephen Mell --- fs/proc/base.c| 41 ++ fs/proc/in

securebits: add exec_inherit flag to prevent changes to process credentials during execve

2013-05-26 Thread Stephen Mell
From: Stephen Mell Currently, it is nearly impossible to give a capability to a non-root user that will stick around after the first execve. This patch adds a new securebit, exec_inherit, which causes all credential modification logic to be skipped. This is already possible, in a hackish

proc: add nsfd mount option to allow mounting for pid namespaces other than the current

2013-05-25 Thread Stephen Mell
From: Stephen Mell Currently, there is no userspace method to mount proc for a pid namespace other than the current one. In light of the new namespace file descriptors, this patch adds a mount option to use the namespace represented by the specified file descriptor instead of the current pid

[PATCH] proc: move proc mount options out of pid_namespace

2013-05-25 Thread Stephen Mell
From: Stephen Mell hide_pid and pid_gid are proc mount options whose values are stored in the pid_namespace struct. As a result, if one mounts proc again for the same PID namespace with different mount options, all mounts for that PID namespace will be affected. This seems undesirable. This

Re: [PATCH] proc: move proc mount options out of pid_namespace

2013-05-24 Thread Stephen Mell
On Friday, May 24, 2013 17:14:13 Gu Zheng wrote: > One fuzzy way in my mind, I'm not sure whether it's OK, but we can discuss it. > Split hide_pid, pid_gid, and proc_self from pid_namespace, and create struct > proc_sb_info(maybe the name "proc_mount_info" is better). > And create a new list dom

Re: [PATCH] proc: move proc mount options out of pid_namespace

2013-05-23 Thread Stephen Mell
Gu, On Friday, May 24, 2013 11:03:31 Gu Zheng wrote: > Hi Stephen, > > On 05/24/2013 07:32 AM, Stephen Mell wrote: > > > On Thursday, May 23, 2013 18:20:57 Gu Zheng wrote: > > > >> Here it'll create a new proc sb instance which holds the same context a

Re: [PATCH] proc: move proc mount options out of pid_namespace

2013-05-23 Thread Stephen Mell
On Thursday, May 23, 2013 18:20:57 Gu Zheng wrote: > Here it'll create a new proc sb instance which holds the same context as the > old ones > each time we mount proc though in the same PID namespace, won't it? I believe so. But this is the point, right? They won't be identical if different moun

[PATCH] proc: move proc mount options out of pid_namespace

2013-05-23 Thread Stephen Mell
From: Stephen Mell hide_pid and pid_gid are proc mount options whose values are stored in the pid_namespace struct. As a result, if one mounts proc again for the same PID namespace with different mount options, all mounts for that PID namespace will be affected. This seems undesirable. This