[PATCH v10 7/9] proc: move hidepid values to uapi as they are user interface to mount
Kees Cook
keescook at chromium.org
Sat Mar 28 21:53:49 UTC 2020
On Sat, Mar 28, 2020 at 10:25:47PM +0100, Alexey Gladkov wrote:
> On Sat, Mar 28, 2020 at 01:41:02PM -0700, Kees Cook wrote:
> > diff --git a/include/uapi/linux/proc_fs.h b/include/uapi/linux/proc_fs.h
> > > new file mode 100644
> > > index 000000000000..dc6d717aa6ec
> > > --- /dev/null
> > > +++ b/include/uapi/linux/proc_fs.h
> > > @@ -0,0 +1,13 @@
> > > +/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
> > > +#ifndef _UAPI_PROC_FS_H
> > > +#define _UAPI_PROC_FS_H
> > > +
> > > +/* definitions for hide_pid field */
> > > +enum {
> > > + HIDEPID_OFF = 0,
> > > + HIDEPID_NO_ACCESS = 1,
> > > + HIDEPID_INVISIBLE = 2,
> > > + HIDEPID_NOT_PTRACEABLE = 4,
> > > +};
> > > +
> > > +#endif
> > > --
> > > 2.25.2
> > >
> >
> > Should the numeric values still be UAPI if there is string parsing now?
>
> I think yes, because these are still valid hidepid= values.
But if we don't expose the values, we can do whatever we like with
future numbers (e.g. the "is this a value or a bit field?" question).
--
Kees Cook
More information about the Linux-security-module-archive
mailing list