https://bugzilla.redhat.com/show_bug.cgi?id=213135
--- Comment #22 from Tomas Hoger <thoger(a)redhat.com> 2009-01-13 03:03:00 EDT ---
(In reply to comment #21)
> 2) of course a read-write mounted /chroot/proc will instantly turn security
> into a joke (as all processes, files and devices are accessible by anybody
> becoming root in the chroot). But most of these applications, while requiring
> a /proc, can live with a readonly /proc.
If anybody in the chroot becomes root, she can escape chroot trivially without
/proc mounted at all. Read-only vs. read-write /proc mount does not influence
that much.
> I strongly urge somebody who is running a recent Fedora to re-open this bug
> report after confirming which behavior it is showing now.
Has this been fixed, or is this test incorrect?
# uname -r
2.6.27.9-159.fc10.x86_64
# mkdir -p /chroot/proc
# mount -o ro -t proc proc /chroot/proc/
# cat /proc/mounts | grep '/proc proc'
/proc /proc proc rw 0 0
proc /chroot/proc proc ro 0 0
# echo 1 > /proc/sys/net/ipv4/ip_forward
# echo 1 > /chroot/proc/sys/net/ipv4/ip_forward
bash: /chroot/proc/sys/net/ipv4/ip_forward: Read-only file system
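An audit-side version of the check in the session above, added here as an example that is not part of the bug thread: it parses /proc/mounts entries (the two lines from the session are embedded as constructed sample input) and reports whether a given chroot's proc mount exists, is of type proc, and carries the ro option. The function names and the chroot path argument are this example's own.

```python
import re
import sys
from dataclasses import dataclass

# Constructed sample input: the two /proc/mounts lines shown in the session above.
SAMPLE_MOUNTS = """\
/proc /proc proc rw 0 0
proc /chroot/proc proc ro 0 0
"""


@dataclass(frozen=True)
class Mount:
    source: str
    target: str
    fstype: str
    options: frozenset


def _unescape(field: str) -> str:
    """Decode the \\ooo octal escapes /proc/mounts uses for space, tab, newline, backslash."""
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def parse_mounts(text: str) -> list:
    """Parse /proc/mounts text into Mount records (source, target, fstype, options)."""
    mounts = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # blank or malformed line; /proc/mounts has at least 4 fields
        src, tgt, fstype, opts = (_unescape(p) for p in parts[:4])
        mounts.append(Mount(src, tgt, fstype, frozenset(opts.split(","))))
    return mounts


def chroot_proc_is_readonly(text: str, chroot: str) -> bool:
    """True only if <chroot>/proc is a proc filesystem whose effective mount is read-only.

    Later lines in /proc/mounts shadow earlier ones at the same mount point, so the
    last matching entry is the one that is actually visible inside the chroot.
    """
    target = chroot.rstrip("/") + "/proc"
    matches = [m for m in parse_mounts(text) if m.target == target and m.fstype == "proc"]
    return bool(matches) and "ro" in matches[-1].options


if __name__ == "__main__":
    # Usage: python check_chroot_proc.py /chroot  (reads the live /proc/mounts on Linux)
    chroot_dir = sys.argv[1] if len(sys.argv) > 1 else "/chroot"
    with open("/proc/mounts") as fh:
        ok = chroot_proc_is_readonly(fh.read(), chroot_dir)
    print(f"{chroot_dir}/proc read-only proc mount: {'yes' if ok else 'NO'}")
```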