From: Christian Brauner
Date: Mon, 27 Apr 2026 15:51:43 +0000 (+0200)
Subject: Merge patch series "proc: subset=pid: Relax check of mount visibility"
X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=a76640171b29fc91b9777a8e1bdc7e08db697275;p=thirdparty%2Flinux.git

Merge patch series "proc: subset=pid: Relax check of mount visibility"

Alexey Gladkov says:

When mounting procfs with the subset=pids option, all static files become
unavailable and only the dynamic part with information about pids is
accessible. In this case, there is no point in imposing additional
restrictions on the visibility of the entire filesystem for the mounter.
Everything that can be hidden in procfs is already inaccessible.

Currently, these restrictions prevent procfs from being mounted inside
rootless containers, as almost all container implementations override part
of procfs to hide certain directories. Relaxing these restrictions will
allow pidfs to be used in nested containerization.

* patches from https://patch.msgid.link/cover.1777278334.git.legion@kernel.org:
  docs: proc: add documentation about mount restrictions
  proc: handle subset=pid separately in userns visibility checks
  proc: prevent reconfiguring subset=pid
  proc: subset=pid: Show /proc/self/net only for CAP_NET_ADMIN
  sysfs: remove trivial sysfs_get_tree() wrapper
  fs: move SB_I_USERNS_VISIBLE to FS_USERNS_MOUNT_RESTRICTED
  namespace: record fully visible mounts in list

Link: https://patch.msgid.link/cover.1777278334.git.legion@kernel.org
Signed-off-by: Christian Brauner
---

a76640171b29fc91b9777a8e1bdc7e08db697275