[PATCH v5 2/2] proc: restrict /proc/pid/mem

Kees Cook kees at kernel.org
Wed Jun 12 18:23:48 UTC 2024


On Wed, Jun 12, 2024 at 07:13:41PM +0100, Adrian Ratiu wrote:
> Would macros like the following be acceptable?
> I know it's more verbose but also much easier to understand and it works.
> 
> #if IS_ENABLED(CONFIG_PROC_MEM_RESTRICT_OPEN_READ_ALL)
> DEFINE_STATIC_KEY_TRUE_RO(proc_mem_restrict_open_read_all);
> DEFINE_STATIC_KEY_FALSE_RO(proc_mem_restrict_open_read_ptracer);
> #elif IS_ENABLED(CONFIG_PROC_MEM_RESTRICT_OPEN_READ_PTRACE)
> DEFINE_STATIC_KEY_FALSE_RO(proc_mem_restrict_open_read_all);
> DEFINE_STATIC_KEY_TRUE_RO(proc_mem_restrict_open_read_ptracer);
> #else
> DEFINE_STATIC_KEY_FALSE_RO(proc_mem_restrict_open_read_all);
> DEFINE_STATIC_KEY_FALSE_RO(proc_mem_restrict_open_read_ptracer);
> #endif

Yeah, that'd be fine by me. I was a little concerned I was
over-generalizing those macros. :P

-- 
Kees Cook


