linux/fs/proc
Eric W. Biederman aee1c13dd0 proc: Restrict mounting the proc filesystem
Don't allow mounting the proc filesystem unless the caller has
CAP_SYS_ADMIN rights over the pid namespace.  The principle here is if
you create or have capabilities over it you can mount it, otherwise
you get to live with what other people have mounted.

Andy pointed out that this is needed to prevent users in a user
namespace from remounting proc and specifying different hidepid and gid
options on already existing proc mounts.

Cc: stable@vger.kernel.org
Reported-by: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
2013-08-26 11:36:58 -07:00
array.c kthread: Prevent unpark race which puts threads on the wrong cpu 2013-04-12 14:18:43 +02:00
base.c proc_fill_cache(): clean up, get rid of pointless find_inode_number() use 2013-06-29 12:57:19 +04:00
cmdline.c proc: switch /proc/cmdline to seq_file 2008-10-23 14:29:04 +04:00
consoles.c console: rename acquire/release_console_sem() to console_lock/unlock() 2011-01-26 10:50:06 +10:00
cpuinfo.c proc: move /proc/cpuinfo code to fs/proc/cpuinfo.c 2008-10-23 15:05:11 +04:00
devices.c proc: use seq_puts()/seq_putc() where possible 2011-01-13 08:03:16 -08:00
fd.c proc_fill_cache(): just make instantiate_t return int 2013-06-29 12:57:18 +04:00
fd.h proc: Move proc_fd() to fs/proc/fd.h 2013-05-01 17:29:39 -04:00
generic.c [readdir] convert procfs 2013-06-29 12:56:32 +04:00
inode.c proc: Split the namespace stuff out into linux/proc_ns.h 2013-05-01 17:29:39 -04:00
internal.h proc_fill_cache(): just make instantiate_t return int 2013-06-29 12:57:18 +04:00
interrupts.c proc: move /proc/interrupts boilerplate code to fs/proc/interrupts.c 2008-10-23 15:15:46 +04:00
Kconfig kconfig: rename CONFIG_EMBEDDED to CONFIG_EXPERT 2011-01-20 17:02:05 -08:00
kcore.c fs/proc/kcore.c: using strlcpy() instead of strncpy() 2013-07-03 16:08:02 -07:00
kmsg.c kmsg: honor dmesg_restrict sysctl on /dev/kmsg 2013-06-12 16:29:44 -07:00
loadavg.c sched, timers: cleanup avenrun users 2009-05-15 15:32:45 +02:00
Makefile mm, vmalloc: move get_vmalloc_info() to vmalloc.c 2013-04-29 15:54:33 -07:00
meminfo.c mm, vmalloc: move get_vmalloc_info() to vmalloc.c 2013-04-29 15:54:33 -07:00
namespaces.c proc_fill_cache(): just make instantiate_t return int 2013-06-29 12:57:18 +04:00
nommu.c new helper: file_inode(file) 2013-02-22 23:31:31 -05:00
page.c kpageflags: fix wrong KPF_THP on non-huge compound pages 2012-10-09 16:23:00 +09:00
proc_devtree.c proc_devtree: Replace include linux/module.h with linux/export.h 2013-05-04 15:31:01 -04:00
proc_net.c [readdir] convert procfs 2013-06-29 12:56:32 +04:00
proc_sysctl.c Don't pass inode to ->d_hash() and ->d_compare() 2013-06-29 12:57:36 +04:00
proc_tty.c proc: use seq_puts()/seq_putc() where possible 2011-01-13 08:03:16 -08:00
root.c proc: Restrict mounting the proc filesystem 2013-08-26 11:36:58 -07:00
self.c Include missing linux/slab.h inclusions 2013-04-29 15:42:01 -04:00
softirqs.c proc: use seq_puts()/seq_putc() where possible 2011-01-13 08:03:16 -08:00
stat.c stat: Use size_t for sizes instead of unsigned 2013-02-01 12:32:08 +02:00
task_mmu.c pagemap: prepare to reuse constant bits with page-shift 2013-07-03 16:07:26 -07:00
task_nommu.c new helper: file_inode(file) 2013-02-22 23:31:31 -05:00
uptime.c fs/proc/uptime.c:uptime_proc_show(): use get_monotonic_boottime() 2013-07-03 16:08:02 -07:00
version.c proc: switch /proc/version to seq_file 2008-10-23 14:19:58 +04:00
vmcore.c vmcore: support mmap() on /proc/vmcore 2013-07-03 16:07:30 -07:00