[Bug 213135] mounting proc readonly on a different mount point silently mounts it rw if the /proc mount is rw
bugzilla at redhat.com
Fri Apr 4 16:25:46 UTC 2008
Summary: mounting proc readonly on a different mount point silently mounts it rw if the /proc mount is rw
https://bugzilla.redhat.com/show_bug.cgi?id=213135
------- Additional Comments From cracauer at cons.org 2008-04-04 12:25 EST -------
(In reply to comment #10)
> Actually you're right that the current behavior can have security implications.
> kernel-2.6.24.4-64.fc8 x86_64
>
> What distributions with what kernel versions work fine for you?
Debian and Ubuntu, but I use stock (kernel.org) kernels there, so it's really
not distribution-specific.
Overall, I know that this is a result of other security features in Fedora.
However, this effectively disables readonly /proc mounts and hence it makes
chroots useless unless you happen to have applications in there that don't need
/proc at all. That's not the case for many applications you want to cage in. As
I said, most distributed computing projects need this, and my Firefox chroot
needs it, too.
Thanks for the update
Martin
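
The following check is an added example, not part of the bug report or of any distribution's tooling. It reads text in /proc/mounts format and reports proc mounts outside /proc that ended up rw, which is how the silent fallback described in this bug can be noticed after the mount command returns success. The /srv/chroot paths and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in /proc/mounts format:
#   device  mount-point  fstype  options  dump  pass
# The /srv/chroot/... mount points are hypothetical.
SAMPLE_MOUNTS='proc /proc proc rw,nosuid,nodev,noexec 0 0
/dev/sda1 / ext3 rw 0 0
proc /srv/chroot/firefox/proc proc rw 0 0
proc /srv/chroot/boinc/proc proc ro,nosuid 0 0
proc /srv/chroot/my\040cage/proc proc rw 0 0'

# Print every proc mount other than /proc whose options include "rw".
# Input: mounts-format text on stdin. Spaces in mount points are
# written as \040 in this format and are decoded for output.
rw_proc_mounts() {
    awk '
    $3 == "proc" && $2 != "/proc" {
        n = split($4, opts, ",")
        for (i = 1; i <= n; i++) {
            if (opts[i] == "rw") {
                mp = $2
                gsub(/\\040/, " ", mp)
                print mp
                break
            }
        }
    }'
}

# Exit 0 only if $1 is a proc mount point and its options include "ro".
# If the mount point is listed more than once (stacked mounts), the
# last entry decides. Input: mounts-format text on stdin.
proc_is_readonly() {
    awk -v want="$1" '
    { mp = $2; gsub(/\\040/, " ", mp) }
    $3 == "proc" && mp == want {
        found = 1; ro = 0
        n = split($4, opts, ",")
        for (i = 1; i <= n; i++) if (opts[i] == "ro") ro = 1
    }
    END { if (found && ro) exit 0; exit 1 }'
}

# Typical use after setting up a chroot:
#   proc_is_readonly /srv/chroot/firefox/proc < /proc/mounts || echo "proc is NOT read-only"
```

Running the check right after the mount step, and failing the chroot setup when it reports rw, avoids relying on the exit status of mount alone.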