[PATCH v5 5/7] proc: instantiate only pids that we can ptrace on 'limit_pids=1' mount option
Randy Dunlap
rdunlap at infradead.org
Fri May 11 16:09:04 UTC 2018
On 05/11/2018 02:36 AM, Alexey Gladkov wrote:
> From: Djalal Harouni <tixxdz at gmail.com>
>
> If "limit_pids=1" mount option is set then do not instantiate pids that
> we can not ptrace. "limit_pids=1" means that procfs should only contain
> pids that the caller can ptrace.
Where can I find documentation on these mount options (pidonly, limit_pids)?
Thanks.
> Cc: Kees Cook <keescook at chromium.org>
> Cc: Andy Lutomirski <luto at kernel.org>
> Signed-off-by: Djalal Harouni <tixxdz at gmail.com>
> ---
> fs/proc/base.c | 9 +++++++++
> 1 file changed, 9 insertions(+)
--
~Randy
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
More information about the Linux-security-module-archive
mailing list