Subject: Re: procfs & mount changes (was: ps /proc changes)
To: Brian C. Grayson <bgrayson@marvin.ece.utexas.edu>
From: Andrew Brown <atatat@atatdot.net>
List: tech-kern
Date: 03/30/1999 00:13:51
>> how about yet another mount flag that signifies that no other mounts
>> may be made on top of the named file system?  so after all mounts have
>> been done on a machine, a simple
>> 
>> mount -a -u -o nomount
>> 
>> would render all filesystems un-overlayable.  so to speak.
>
>  So, in this example, we'd have
>mount -o nomount -t procfs /proc /proc

yep.

>  That would solve the problem of someone mounting /fakeproc123
>on top of /proc/123.  But is it possible for the nomount to
>prevent someone from doing:
>mount /myfakeroot / (and thus obscure /proc completely, perhaps
>		     placing a fake one in place)

that would be why you'd do the first command above after mounting
everything you needed to mount (which, of course, assumes that you
won't need to mount floppies or tapes or anything for the life of the
machine (so it'd probably be one of those things that'd be irrevocable
at securelevel 2 or some such)).

>  It seems like / would have to know about /proc's nomount to
>keep things secure, which seems icky to me.

or you could just mount /proc (with nomount as you describe above) and
then update /'s mount with nomount.  you know...in theory...

you could *even* leave /mnt as a valid mount point (in order)

mount / (however this is done)
mount /proc (with nomount)
mount /mnt (via loopback over itself)
mount -u -o nomount / (to prevent overlays)

leaving /mnt as a completely separate filesystem that could have
mounts done over it.

(ps - i'm not in any way, shape, or form (imho) capable of
implementing anything like this (well...i might be, but it'd take me a
while), but rather just shooting my mouth off in a sane "sounding"
fashion :).

>> (just random thought noise...)
>
>  Yep, same here.

bzzzzz....  :)

-- 
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org             * "ah!  i see you have the internet
twofsonet@graffiti.com (Andrew Brown)                that goes *ping*!"
andrew@crossbar.com       * "information is power -- share the wealth."
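
The mount ordering described in the message above, as an added example that is not part of the original post: a small Python model of the proposed nomount semantics. The flag exists only as a proposal in this thread; MountTable, covering, update_nomount and boot_sequence are hypothetical names, and checking a new mount against the topmost filesystem covering the mount point is an assumption about how the flag would be enforced.

```python
# Toy model of the "nomount" flag proposed in this thread (not an existing
# mount(8) option). MountTable and its methods are hypothetical names.
import posixpath


class MountTable:
    def __init__(self):
        self.mounts = []  # (mount point, fs name, flags); later entries sit on top

    def covering(self, path):
        """Return the mount entry whose filesystem holds `path`."""
        path = posixpath.normpath(path)
        best = None
        for entry in self.mounts:
            point = entry[0]
            inside = path == point or path.startswith(point.rstrip("/") + "/")
            # longest mount point wins; on a tie the later (upper) mount wins
            if inside and (best is None or len(point) >= len(best[0])):
                best = entry
        return best

    def mount(self, fs, point, nomount=False):
        """Mount `fs` on `point` unless the filesystem under it is nomount."""
        point = posixpath.normpath(point)
        under = self.covering(point)
        if under is not None and "nomount" in under[2]:
            return False  # refused: would overlay a sealed filesystem
        self.mounts.append((point, fs, {"nomount"} if nomount else set()))
        return True

    def update_nomount(self, point):
        """Model of `mount -u -o nomount <point>`: seal the topmost mount there."""
        point = posixpath.normpath(point)
        for entry in reversed(self.mounts):
            if entry[0] == point:
                entry[2].add("nomount")
                return True
        return False


def boot_sequence():
    """The four-step ordering from the message, on a constructed table."""
    t = MountTable()
    t.mount("rootfs", "/")
    t.mount("procfs", "/proc", nomount=True)
    t.mount("loopback:/mnt", "/mnt")  # /mnt over itself, left unsealed
    t.update_nomount("/")
    return t
```

In this model the loopback mount has to happen before / is sealed; once / carries nomount, a new mount on /mnt is refused like any other.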