Fw: [PATCH] proc: Update inode upon changing task security attribute
Paul Moore
paul at paul-moore.com
Fri Dec 8 22:43:30 UTC 2023
On Thu, Dec 7, 2023 at 9:14 PM Munehisa Kamata <kamatam at amazon.com> wrote:
> On Tue, 2023-12-05 14:21:51 -0800, Paul Moore wrote:
...
> > I think my thoughts are neatly summarized by Andrew's "yuk!" comment
> > at the top. However, before we go too much further on this, can we
> > get clarification that Casey was able to reproduce this on a stock
> > upstream kernel? Last I read in the other thread Casey wasn't seeing
> > this problem on Linux v6.5.
> >
> > However, for the moment I'm going to assume this is a real problem, is
> > there some reason why the existing pid_revalidate() code is not being
> > called in the bind mount case? From what I can see in the original
> > problem report, the path walk seems to work okay when the file is
> > accessed directly from /proc, but fails when done on the bind mount.
> > Is there some problem with revalidating dentrys on bind mounts?
>
> Hi Paul,
>
> https://lkml.kernel.org/linux-fsdevel/20090608201745.GO8633@ZenIV.linux.org.uk/
>
> After reading this thread, I have doubt about solving this in VFS.
> Honestly, however, I'm not sure if it's entirely relevant today.
Have you tried simply mounting proc a second time instead of using a bind mount?
% mount -t proc non /new/location/for/proc
I ask because from your description it appears that proc does the
right thing with respect to revalidation, it only becomes an issue
when accessing proc through a bind mount. Or did I misunderstand the
problem?
--
paul-moore.com
More information about the Linux-security-module-archive
mailing list