tech-kern: Re: procfs & mount changes (was: ps /proc changes)

Subject: Re: procfs & mount changes (was: ps /proc changes)
To: Greg A. Woods <woods@most.weird.com>
From: Brian C. Grayson <bgrayson@marvin.ece.utexas.edu>
List: tech-kern
Date: 03/29/1999 18:03:12

On Mon, Mar 29, 1999 at 04:32:40PM -0500, Andrew Brown wrote:
> 
> how about yet another mount flag that signifies that no other mounts
> may be made on top of the named file system?  so after all mounts have
> been done on a machine, a simple
> 
> mount -a -u -o nomount
> 
> would render all filesystems un-overlayable.  so to speak.

  So, in this example, we'd have
mount -o nomount -t procfs /proc /proc

  That would solve the problem of someone mounting /fakeproc123
on top of /proc/123.  But is it possible for the nomount to
prevent someone from doing:
mount /myfakeroot / (and thus obscure /proc completely, perhaps
		     placing a fake one in place)

  It seems like / would have to know about /proc's nomount to
keep things secure, which seems icky to me.

> (just random thought noise...)

  Yep, same here.

  Brian