Al Viro wrote:
On Sat, Jan 29, 2005 at 03:45:42AM +0100, Rene Scharfe wrote:

The patch is inspired by the /proc restriction parts of the
GrSecurity patch.  The main difference is the ability to configure
the restrictions dynamically.  You can change the umask setting by

# mount -o remount,umask=007 /proc

Testing has been *very* light so far -- it compiles and boots.
Patch is against 2.6.11-rc2-bk6.

Comments are very welcome.

It leaves already existing inodes with whatever mode they used to

I said "configure the restrictions dynamically" but I meant "doesn't need a recompile to change settings". I expect the umask to be specified in /etc/fstab and rarely changed in a running system. With that in mind I think the patch is useful as-is, especially because it's so small. But I agree, that thing is a dirty hack. :]

_IF_ you want to do that sort of things, do it right - add
->permission() that would apply that umask before checks and if you
want it to be seen in results of stat(2) - add ->gettattr() and do
the same there.

Aww, that sounds expensive. My favourite solution would be to only allow the umask to be changed at mount time, not when remounting.

Calling parse_options from proc_fill_super, only and not from proc_remount does not help very much because proc_fill_super is only called at boot (or proc module load time). Is there another way?

While we are here: how would one change the uid or gid parameter? With a built-in proc fs the mount -a -t proc in the init scripts only results in a proc_remount call which (in mainline) doesn't bother looking at parameters at all. The same is true for a unmount, mount sequence.

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at
Please read the FAQ at

Reply via email to