cyphar
commented
3 weeks ago Christian and I wrote this series: https://lore.kernel.org/all/20240806-work-procfs-v1-0-fb04e1d09f0c@kernel.org/
The plan is to block more stuff in a future patch, but this is the "obvious stuff" to block.
Al Viro responded favourably to blocking mounts over magic-links (or rather, mounts over "ethereal" components like everything in
/proc/self/*), and this is fairly easy to implement. This would eliminate all concerns about races in procfs for kernels that support this.