Commit 155134fe authored by Linus Torvalds's avatar Linus Torvalds

Revert "proc: Point /proc/{mounts,net} at /proc/thread-self/{mounts,net}...

Revert "proc: Point /proc/{mounts,net} at /proc/thread-self/{mounts,net} instead of /proc/self/{mounts,net}"

This reverts commits 344470ca and e8132440.

It turns out that the exact path in the symlink matters, if for somewhat
unfortunate reasons: some apparmor configurations don't allow dhclient
access to the per-thread /proc files.  As reported by Jörg Otte:

  audit: type=1400 audit(1407684227.003:28): apparmor="DENIED"
    operation="open" profile="/sbin/dhclient"
    name="/proc/1540/task/1540/net/dev" pid=1540 comm="dhclient"
    requested_mask="r" denied_mask="r" fsuid=0 ouid=0

so we had better revert this for now.  We might be able to work around
this in practice by only using the per-thread symlinks if the thread
isn't the thread group leader, and if the namespaces differ between
threads (which basically never happens).

We'll see. In the meantime, the revert was made to be intentionally easy.
Reported-by: default avatarJörg Otte <jrg.otte@gmail.com>
Acked-by: default avatarEric W. Biederman <ebiederm@xmission.com>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent 58d08e3b
...@@ -226,7 +226,7 @@ static struct pernet_operations __net_initdata proc_net_ns_ops = { ...@@ -226,7 +226,7 @@ static struct pernet_operations __net_initdata proc_net_ns_ops = {
int __init proc_net_init(void) int __init proc_net_init(void)
{ {
proc_symlink("net", NULL, "thread-self/net"); proc_symlink("net", NULL, "self/net");
return register_pernet_subsys(&proc_net_ns_ops); return register_pernet_subsys(&proc_net_ns_ops);
} }
...@@ -173,7 +173,7 @@ void __init proc_root_init(void) ...@@ -173,7 +173,7 @@ void __init proc_root_init(void)
proc_self_init(); proc_self_init();
proc_thread_self_init(); proc_thread_self_init();
proc_symlink("mounts", NULL, "thread-self/mounts"); proc_symlink("mounts", NULL, "self/mounts");
proc_net_init(); proc_net_init();
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment