From 5b09ec3b890141959aa6a6a73b1ee4e26490c5cc Mon Sep 17 00:00:00 2001
From: Neel Natu
Date: Fri, 13 Jul 2018 12:10:01 -0700
Subject: Allow a filesystem to control its visibility in /proc/filesystems.

PiperOrigin-RevId: 204508520
Change-Id: I09e5f8b6e69413370e1a0d39dbb7dc1ee0b6192d
---
 pkg/sentry/fs/proc/filesystems.go | 3 +++
 pkg/sentry/fs/proc/fs.go | 5 +++++
 2 files changed, 8 insertions(+)
(limited to 'pkg/sentry/fs/proc')
diff --git a/pkg/sentry/fs/proc/filesystems.go b/pkg/sentry/fs/proc/filesystems.go
index aa2c4db10..37db9cf9c 100644
--- a/pkg/sentry/fs/proc/filesystems.go
+++ b/pkg/sentry/fs/proc/filesystems.go
@@ -43,6 +43,9 @@ func (*filesystemsData) ReadSeqFileData(ctx context.Context, h seqfile.SeqHandle
 // Generate the file contents.
 var buf bytes.Buffer
 for _, sys := range fs.GetFilesystems() {
+ if !sys.AllowUserList() {
+ continue
+ }
 nodev := "nodev"
 if sys.Flags()&fs.FilesystemRequiresDev != 0 {
 nodev = ""
diff --git a/pkg/sentry/fs/proc/fs.go b/pkg/sentry/fs/proc/fs.go
index 072d00beb..3aadd6ac4 100644
--- a/pkg/sentry/fs/proc/fs.go
+++ b/pkg/sentry/fs/proc/fs.go
@@ -42,6 +42,11 @@ func (*filesystem) AllowUserMount() bool {
 return true
 }
 
+// AllowUserList allows this filesystem to be listed in /proc/filesystems.
+func (*filesystem) AllowUserList() bool {
+ return true
+}
+
 // Flags returns that there is nothing special about this file system.
 //
 // In Linux, proc returns FS_USERNS_VISIBLE | FS_USERNS_MOUNT, see fs/proc/root.c.
-- cgit v1.2.3
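Review bot: The new `if !sys.AllowUserList()` check in the `fs.GetFilesystems()` loop only omits a filesystem from the generated /proc/filesystems text, and nothing at the check says so, so a reader could mistake it for an access control. Mounting appears to be decided separately by `AllowUserMount()` (visible as context in the fs.go hunk), so a filesystem that returns false here and true there would presumably stay mountable by name while unlisted. I would add a comment above the check, such as `// Listing only: a hidden filesystem may still be mountable; see AllowUserMount.` ReadSeqFileData's body starts and ends outside the hunk, and the callers of AllowUserMount are not shown, so the mount-path behaviour should be confirmed before relying on this wording.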