[Fedora kexec-tools 2/7] kexec: Remount /proc and /sys in private mount namespace
Vivek Goyal
vgoyal at redhat.com
Wed Sep 11 14:18:31 UTC 2013
On Wed, Sep 11, 2013 at 11:02:36AM +0800, Dave Young wrote:
> On 09/04/13 at 09:56pm, Vivek Goyal wrote:
> > With secureboot enabled, we don't even trust root. And when kexec is launched
> > it might happen that root has already rigged /proc and /sys which kexec
> > reads to get important data.
> >
> > So create a private mount namespace which is not visible to root, unmount
> > old /proc and /sys and remount these to get to actual data kernel exported.
>
> Hello Vivek
>
> kexec will also use /sys/kernel/debug/boot_params, I want to copy efi_info from
> there for efi runtime support. So could you remount debugfs as well?

Ok, will do. Thanks.

Vivek
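
The steps from the quoted commit message (private mount namespace, unmount, remount), plus the debugfs mount requested in the reply, written out as an added C example; this is not the kexec-tools patch itself. The names `trusted`, `fs_is` and `remount_trusted`, the loop over stacked mounts and the `statfs` type check are assumptions of this example.

```c
#include <errno.h>
#include <unistd.h>
#include <sys/mount.h>
#include <sys/syscall.h>
#include <sys/vfs.h>
#include <linux/magic.h>  /* PROC_SUPER_MAGIC, SYSFS_MAGIC, DEBUGFS_MAGIC */
#include <linux/sched.h>  /* CLONE_NEWNS */

/* Mount points named in the thread; parents listed before children. */
static const struct target { const char *path, *fstype; long magic; } trusted[] = {
    { "/proc",             "proc",    PROC_SUPER_MAGIC },
    { "/sys",              "sysfs",   SYSFS_MAGIC },
    { "/sys/kernel/debug", "debugfs", DEBUGFS_MAGIC },
};

/* 1 if the filesystem at path has this magic, 0 if not, -errno on error. */
int fs_is(const char *path, long magic)
{
    struct statfs sfs;
    if (statfs(path, &sfs) < 0)
        return -errno;
    return (long)sfs.f_type == magic;
}

/* Returns 0 on success, -errno on failure. Needs CAP_SYS_ADMIN. */
int remount_trusted(void)
{
    /* unshare(2) via syscall() so no feature-test macro is required. */
    if (syscall(SYS_unshare, CLONE_NEWNS) < 0)
        return -errno;
    /* Keep our mount changes from propagating back to a shared parent. */
    if (mount("none", "/", NULL, MS_REC | MS_PRIVATE, NULL) < 0)
        return -errno;
    for (const struct target *t = trusted; t < trusted + sizeof(trusted) / sizeof(*trusted); t++) {
        /* Mounts can be stacked: detach every layer until none is left. */
        while (umount2(t->path, MNT_DETACH) == 0)
            ;
        if (errno != EINVAL)  /* EINVAL: nothing mounted here any more */
            return -errno;
        if (mount(t->fstype, t->path, t->fstype, 0, NULL) < 0)
            return -errno;
        if (fs_is(t->path, t->magic) != 1)  /* verify what we now read from */
            return -ENODEV;
    }
    return 0;
}

/* A loader would go on to read its inputs in this same process. */
int main(void) { return remount_trusted() ? 1 : 0; }
```

The new mounts exist only in the calling process's namespace and disappear when it exits, so the reads that depend on them have to happen in that same process.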