git.ipfire.org Git - thirdparty/kernel/linux.git/commit
proc: subset=pid: Show /proc/self/net only for CAP_NET_ADMIN
author Alexey Gladkov <legion@kernel.org>
Mon, 27 Apr 2026 08:26:05 +0000 (10:26 +0200)
committer Christian Brauner <brauner@kernel.org>
Mon, 11 May 2026 21:13:01 +0000 (23:13 +0200)
commit a2a5eb6323a7b1987fd8048d94b9ffc7f87e3064
tree 209894096a4d15e4889299fe2406febca8c364a2
parent 78d797520f6a74ed402cb98c6bf74d96b4937965
proc: subset=pid: Show /proc/self/net only for CAP_NET_ADMIN

Cache the mounter's credentials and allow access to the net directories
contingent on the permissions of the mounter of proc.

Do not show /proc/self/net when proc is mounted with subset=pid option
and the mounter does not have CAP_NET_ADMIN. To avoid inadvertently
allowing access to /proc/<pid>/net, updating mounter credentials is not
supported.

Signed-off-by: Alexey Gladkov <legion@kernel.org>
Link: https://patch.msgid.link/d2466fe9085367f1e24693c437ecb8cff2789660.1777278334.git.legion@kernel.org
Reviewed-by: Aleksa Sarai <aleksa@amutable.com>
Signed-off-by: Christian Brauner <brauner@kernel.org>
fs/proc/proc_net.c
fs/proc/root.c
include/linux/proc_fs.h
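
An added example, not part of this commit or the kernel tree: a userspace audit helper that finds proc mounts carrying `subset=pid` in mountinfo text and tests the CAP_NET_ADMIN bit in a `CapEff:` line, the two conditions the commit message ties /proc/self/net visibility to. The function names and sample inputs are constructed for illustration, and the helper reads only the raw capability bit; it does not model how the kernel evaluates the cached mounter credentials.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CAP_NET_ADMIN_BIT 12 /* value of CAP_NET_ADMIN in linux/capability.h */

/* Return 1 if the "CapEff:" line of /proc/<pid>/status text has CAP_NET_ADMIN. */
int has_cap_net_admin(const char *status)
{
    const char *p = strstr(status, "CapEff:");
    if (!p)
        return 0;
    unsigned long long eff = strtoull(p + 7, NULL, 16); /* hex bitmask */
    return (int)((eff >> CAP_NET_ADMIN_BIT) & 1);
}

/* Return 1 if the comma-separated option string holds exactly the token want. */
static int has_opt(const char *opts, const char *want)
{
    size_t n = strlen(want);
    for (const char *p = opts; *p; ) {
        size_t len = strcspn(p, ",\n");
        if (len == n && strncmp(p, want, n) == 0)
            return 1;
        p += len;
        if (*p)
            p++; /* skip the separator */
    }
    return 0;
}

/* Return 1 if one mountinfo line describes a proc mount with subset=pid. */
int is_subset_pid_proc(const char *line)
{
    char fstype[32], source[64], sopts[256];
    const char *sep = strstr(line, " - "); /* end of the optional fields */
    if (!sep || sscanf(sep + 3, "%31s %63s %255s", fstype, source, sopts) != 3)
        return 0;
    return strcmp(fstype, "proc") == 0 && has_opt(sopts, "subset=pid");
}

int main(void)
{
    /* Constructed sample inputs, not captured from a real host. */
    const char *mi = "45 30 0:40 / /proc rw,nosuid,nodev,noexec - proc proc rw,subset=pid\n";
    const char *st = "Name:\tinit\nCapEff:\t0000000000000000\n";
    if (is_subset_pid_proc(mi))
        printf("subset=pid proc mount; mounter CAP_NET_ADMIN=%d\n", has_cap_net_admin(st));
    return 0;
}
```

On a live system, feed `is_subset_pid_proc` the lines of /proc/self/mountinfo and `has_cap_net_admin` the status text of the process that performs the proc mount.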