Linux 5.8 Brings Modernization Work To Procfs
Adding to the Linux 5.8 changes is the landing of modernization work for the proc special-purpose file-system.
With Linux 5.8, proc gains support for multiple private instances, along with various other enhancements to this key piece of Linux infrastructure.
The since-merged pull request explained, "[Alexey Gladkov of Red Hat] updated proc so each mount of proc uses a new superblock. This allows people to actually use mount options with proc with no fear of messing up another mount of proc. Given the kernel's internal mounts of proc for things like uml this was a real problem, and resulted in Android's hidepid mount options being ignored and introducing security issues."
Alexey further explained the motivations for and benefits of this work in the patch series for this modernization effort:
Supporting private procfs instances will allow supporting new features and behaviour without propagating them to all other procfs mounts.
Today procfs is more of a burden, especially to some Embedded, IoT, sandbox and container use cases. In user space we are over-mounting null or inaccessible files on top to hide files and information. If we want to hide pids we have to create PID namespaces; otherwise mount options propagate to all other proc mounts, and changing a mount option value in one mount will propagate to all other proc mounts. If we want to introduce new features, then they will propagate to all other mounts too, resulting in either maybe new useful functionality or maybe breaking stuff. We also have to note that userspace should not work around procfs; the kernel should just provide a sane, simple interface.
In this regard several developers and maintainers pointed out that there are problems with procfs and it has to be modernized.
This modernization work so far for procfs will premiere with Linux 5.8.
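One practical consequence of per-mount superblocks is that an administrator auditing a host can no longer assume every proc mount carries the same hidepid setting: a sandbox's proc may be hidepid=invisible while the root /proc is not. The shell snippet below is an added example, not code from the article or from the kernel patch series; it parses /proc/self/mountinfo-style lines (the sample lines are constructed, not taken from a real system) and reports the hidepid value of each proc mount. The sample mixes the older numeric form (hidepid=2) with the named form (hidepid=invisible) that newer kernels accept, which is an assumption about the kernel in use rather than something the article states.

```shell
#!/bin/sh
# Constructed sample of /proc/self/mountinfo lines (not captured from a real host).
# Field layout: id parent maj:min root mountpoint mnt-opts [optional...] - fstype source sb-opts
SAMPLE_MOUNTINFO='23 1 0:21 / /proc rw,nosuid,nodev,noexec,relatime shared:14 - proc proc rw
71 64 0:21 / /var/lib/sandbox/proc rw,nosuid,nodev,noexec,relatime - proc proc rw,hidepid=invisible,gid=101
88 64 0:22 / /mnt/chroot/proc rw,relatime - proc proc rw,hidepid=2'

# proc_hidepid_report MOUNTINFO_TEXT
# Prints one line per proc mount: "<mountpoint> <hidepid value>", or "none"
# when the superblock options carry no hidepid= setting at all.
proc_hidepid_report() {
    printf '%s\n' "$1" | awk '
        {
            # Optional fields are variable in number, so locate the "-" separator
            # first; the filesystem type follows it and the superblock options
            # (where hidepid lives) are two fields after that.
            for (i = 7; i <= NF; i++) if ($i == "-") break
            if ($(i + 1) != "proc") next
            mountpoint = $5
            sbopts = $(i + 3)
            val = "none"
            n = split(sbopts, opt, ",")
            for (j = 1; j <= n; j++)
                if (opt[j] ~ /^hidepid=/) val = substr(opt[j], 9)
            print mountpoint, val
        }'
}

# proc_hidepid_unprotected MOUNTINFO_TEXT
# Lists proc mountpoints with no hidepid protection (unset, 0 or "off"),
# the ones a reviewer would want to justify on a multi-user host.
proc_hidepid_unprotected() {
    proc_hidepid_report "$1" | awk '$2 == "none" || $2 == "0" || $2 == "off" { print $1 }'
}

# Stand-alone demonstration on the constructed sample.
proc_hidepid_report "$SAMPLE_MOUNTINFO"
```

On a live system, call `proc_hidepid_report "$(cat /proc/self/mountinfo)"` from the mount namespace you want to inspect. On kernels before 5.8 every proc mount shares one superblock, so all lines would show the same value; differing values per mountpoint are exactly the per-instance behaviour the 5.8 work introduces.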