Commit
attach: handle /proc with hidepid={1,2} property
Receive fd for LSM security module before we set{g,u}id(). The reason is that on set{g,u}id() the kernel will a) make us undumpable and b) we will change our effective uid. This means our effective uid will be different from the effective uid of the process that created us which means that this process no longer has capabilities in our namespace including CAP_SYS_PTRACE. This means we will not be able to read any /proc/<pid> files for the process anymore when /proc is mounted with hidepid={1,2}. So let's get the lsm label fd before the set{g,u}id().

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner committed Dec 21, 2017
1 parent a998454, commit 57de839
Showing 1 changed file with 30 additions and 15 deletions.
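The undumpable side effect that the commit message describes can be observed from user space. The following is an added example, not code from the LXC commit: it clears the dumpable flag with prctl(PR_SET_DUMPABLE, 0) as a stand-in for what set{g,u}id() does (an assumption, so that it runs without root), and the struct, the function names and the choice of /proc/<pid>/status as the sample file are hypothetical.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* How /proc/<pid>/status looks before and after we become undumpable. */
struct proc_view {
    uid_t owner_before;   /* st_uid while the dumpable flag is 1 */
    uid_t owner_after;    /* st_uid once the dumpable flag is 0 */
    int   dumpable_after; /* PR_GET_DUMPABLE right after the change */
};

/* stat() /proc/<pid>/status and return its owner through *uid. */
static int proc_status_owner(pid_t pid, uid_t *uid)
{
    char path[64];
    struct stat st;

    snprintf(path, sizeof(path), "/proc/%d/status", (int)pid);
    if (stat(path, &st) < 0)
        return -1;
    *uid = st.st_uid;
    return 0;
}

/* Clear our own dumpable flag and record how /proc reacts. Per proc(5),
 * the kernel reports /proc/<pid> files as root-owned once the flag is
 * not 1, so owner_after differs from owner_before for a non-root caller. */
int observe_undumpable(struct proc_view *v)
{
    pid_t self = getpid();
    int ret = -1;

    if (proc_status_owner(self, &v->owner_before) < 0)
        return -1;
    if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) < 0)
        return -1;
    v->dumpable_after = prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);
    if (proc_status_owner(self, &v->owner_after) == 0)
        ret = 0;
    prctl(PR_SET_DUMPABLE, 1, 0, 0, 0); /* restore for the caller */
    return ret;
}
```

Run as a non-root user, owner_before is the caller's effective uid and owner_after is root (or the overflow uid inside a user namespace without a mapped root).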