proc: add option to mount only a pids subset

This allows to hide all files and directories in the procfs that are not related to tasks. Signed-off-by: Alexey Gladkov <gladkov.alexey@gmail.com> Reviewed-by: Alexey Dobriyan <adobriyan@gmail.com> Reviewed-by: Kees Cook <keescook@chromium.org> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
author: Alexey Gladkov <gladkov.alexey@gmail.com> 2020-04-19 16:10:54 +0200
committer: Eric W. Biederman <ebiederm@xmission.com> 2020-04-22 10:51:22 -0500
commit: 6814ef2d992af09451bbeda4770daa204461329e (patch)
tree: a0f3fad657964e61bc5c04e4add4e1255b33b7ed /include/linux/proc_fs.h
parent: 24a71ce5c47f6b1b3cdacf544cb24220f5c3b7ef (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/include/linux/proc_fs.h b/include/linux/proc_fs.h
index 5bdc117ae947..8bc31ba5cd9c 100644
--- a/include/linux/proc_fs.h
+++ b/include/linux/proc_fs.h
@@ -50,12 +50,19 @@ enum {
 	HIDEPID_NOT_PTRACEABLE = 4, /* Limit pids to only ptraceable pids */
 };
 
+/* definitions for proc mount option pidonly */
+enum {
+	PROC_PIDONLY_OFF = 0,
+	PROC_PIDONLY_ON  = 1,
+};
+
 struct proc_fs_info {
 	struct pid_namespace *pid_ns;
 	struct dentry *proc_self;        /* For /proc/self */
 	struct dentry *proc_thread_self; /* For /proc/thread-self */
 	kgid_t pid_gid;
 	int hide_pid;
+	int pidonly;
 };
 
 static inline struct proc_fs_info *proc_sb_info(struct super_block *sb)
author	Alexey Gladkov <gladkov.alexey@gmail.com>	2020-04-19 16:10:54 +0200
committer	Eric W. Biederman <ebiederm@xmission.com>	2020-04-22 10:51:22 -0500
commit	6814ef2d992af09451bbeda4770daa204461329e (patch)
tree	a0f3fad657964e61bc5c04e4add4e1255b33b7ed /include/linux/proc_fs.h
parent	24a71ce5c47f6b1b3cdacf544cb24220f5c3b7ef (diff)