[PATCH v10 7/9] proc: move hidepid values to uapi as they are user interface to mount
Kees Cook
keescook at chromium.org
Sun Mar 29 03:17:05 UTC 2020
On Sun, Mar 29, 2020 at 12:00:46AM +0100, Alexey Gladkov wrote:
> On Sat, Mar 28, 2020 at 02:53:49PM -0700, Kees Cook wrote:
> > > > > +/* definitions for hide_pid field */
> > > > > +enum {
> > > > > + HIDEPID_OFF = 0,
> > > > > + HIDEPID_NO_ACCESS = 1,
> > > > > + HIDEPID_INVISIBLE = 2,
> > > > > + HIDEPID_NOT_PTRACEABLE = 4,
> > > > > +};
> > > > Should the numeric values still be UAPI if there is string parsing now?
> > >
> > > I think yes, because these are still valid hidepid= values.
> >
> > But if we don't expose the values, we can do whatever we like with
> > future numbers (e.g. the "is this a value or a bit field?" question).
>
> Alexey Dobriyan suggested to put these parameters into the UAPI and it
> makes sense because these are user parameters.
Okidokey. :) Anyway, ignore my HIDEPID_MAX idea then, since this could
become a bitfield. Just checking for individual bits is the way to go
for now. Sorry for the noise.
--
Kees Cook
More information about the Linux-security-module-archive
mailing list