[PATCH v5 7/7] proc: add option to mount only a pids subset

Jann Horn jannh at google.com
Fri May 11 13:58:39 UTC 2018


On Fri, May 11, 2018 at 11:37 AM, Alexey Gladkov
<gladkov.alexey at gmail.com> wrote:
> This allows hiding all files and directories in the procfs that are not
> related to tasks.

/proc/$pid/net and /proc/$pid/task/$tid/net aren't in scope for this
protection, even though they contain information about the whole
network namespace of the task, right?