Allow a filesystem to control its visibility in /proc/filesystems.

PiperOrigin-RevId: 204508520 Change-Id: I09e5f8b6e69413370e1a0d39dbb7dc1ee0b6192d
author: Neel Natu <neelnatu@google.com> 2018-07-13 12:10:01 -0700
committer: Shentubot <shentubot@google.com> 2018-07-13 12:10:57 -0700
commit: 5b09ec3b890141959aa6a6a73b1ee4e26490c5cc (patch)
tree: c89d008029668030fbbb8efb113353d55b774aee /pkg/sentry/fs/proc/filesystems.go
parent: 68cf86b6300ad8903e240607dcc8bedd12fcc0ee (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/pkg/sentry/fs/proc/filesystems.go b/pkg/sentry/fs/proc/filesystems.go
index aa2c4db10..37db9cf9c 100644
--- a/pkg/sentry/fs/proc/filesystems.go
+++ b/pkg/sentry/fs/proc/filesystems.go
@@ -43,6 +43,9 @@ func (*filesystemsData) ReadSeqFileData(ctx context.Context, h seqfile.SeqHandle
 	// Generate the file contents.
 	var buf bytes.Buffer
 	for _, sys := range fs.GetFilesystems() {
+		if !sys.AllowUserList() {
+			continue
+		}
 		nodev := "nodev"
 		if sys.Flags()&fs.FilesystemRequiresDev != 0 {
 			nodev = ""
author	Neel Natu <neelnatu@google.com>	2018-07-13 12:10:01 -0700
committer	Shentubot <shentubot@google.com>	2018-07-13 12:10:57 -0700
commit	5b09ec3b890141959aa6a6a73b1ee4e26490c5cc (patch)
tree	c89d008029668030fbbb8efb113353d55b774aee /pkg/sentry/fs/proc/filesystems.go
parent	68cf86b6300ad8903e240607dcc8bedd12fcc0ee (diff)