[Bug 241082] New: additional mount of proc filesystem may change access rights of /proc
https://bugzilla.novell.com/show_bug.cgi?id=241082

Summary: additional mount of proc filesystem may change access rights of /proc
Product: openSUSE 10.2
Version: Final
Platform: Other
OS/Version: SuSE Other
Status: NEW
Severity: Critical
Priority: P5 - None
Component: Kernel
AssignedTo: kernel-maintainers@forge.provo.novell.com
ReportedBy: pgunreben@lucent.com
QAContact: qa@suse.de

Here's my small experiment:
====
echo 1 > /proc/sys/kernel/randomize_va_space
mkdir /tmp/bla
mount -oro -tproc none /tmp/bla
echo 1 > /proc/sys/kernel/randomize_va_space
-bash: /proc/sys/kernel/randomize_va_space: Read-only file system
mount | grep proc
proc on /proc type proc (rw)
none on /tmp/bla type proc (ro)
mount -oremount,rw /proc
echo 1 > /proc/sys/kernel/randomize_va_space
echo 1 > /tmp/bla/sys/kernel/randomize_va_space
====
Bottom line: The 2nd mount changes the access rights of the 1st mount and vice versa!
-- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
------- Comment #1 from judas_iscariote@shorewall.net 2007-02-01 18:01 MST -------
see also #236216 duplicated ?
gregkh@novell.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |WONTFIX

------- Comment #2 from gregkh@novell.com 2007-02-01 18:12 MST -------
As you are root doing this, it's not something that a "normal" user would ever cause to happen.

Also, it's an upstream issue, can you please open this up at bugzilla.kernel.org and let the kernel developers know about it?
------- Comment #3 from pgunreben@lucent.com 2007-02-02 01:16 MST -------
Actually, the problem occurs when starting the "build" script as root. After a single execution of "build" as root, the /proc filesystem is not writeable anymore and you can't log in to this computer via ssh anymore. I think that the build script is used by "normal" developers. Therefore, this bug should be fixed.

I've noticed later that this bug has been already reported in bug #228065 and bug #236216. However, the root cause is the kernel. Probably, we should trigger the bugfix via bug #228056 or bug #236216.
------- Comment #4 from jeffm@novell.com 2007-02-02 12:24 MST -------
This isn't even a kernel bug. If anything, it's a feature request or maybe a bug in mount(8) updating /etc/mtab. I'd expect cat /proc/mounts to show the correct permissions for /proc.

Read-only status is determined at the superblock level. You're allowed to mount the same file system at different points in the tree, but you can't expect them to have different superblock-level mount flags. There can only be one procfs superblock, so mounting it a second time with different permissions necessarily affects the first.
------- Comment #5 from pgunreben@lucent.com 2007-02-05 01:33 MST -------
Jeff, thanks for the detailed explanation. In this case, there was a bug in the build script (bug #228065), where proc was mounted read-only for the chrooted build environment.
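The superblock sharing described in comment #4, as an added example that is not part of the original thread: a parser for the /proc/self/mountinfo format documented in proc(5), which lists per-mount options and superblock options separately. The sample lines are constructed and the function names are this example's own; it assumes a kernel that provides mountinfo.

```python
import re
from collections import defaultdict

# Constructed sample in /proc/self/mountinfo format (proc(5)); not taken from the thread.
SAMPLE = """\
17 22 0:4 / /proc rw,nosuid,nodev,noexec shared:12 - proc proc ro
22 1 8:2 / / rw,relatime shared:1 - ext4 /dev/sda2 rw
61 22 0:4 / /tmp/bla ro,relatime shared:30 - proc none ro
24 22 0:21 / /sys rw,nosuid shared:7 - sysfs sysfs rw
"""

def _unescape(path):
    # mountinfo writes space, tab, newline and backslash as \ooo octal escapes
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), path)

def parse_mountinfo(text):
    """Yield (device, fstype, mount_point, mount_opts, super_opts) per entry."""
    for line in text.splitlines():
        left, sep, right = line.partition(" - ")  # optional fields end at " - "
        head, tail = left.split(), right.split()
        if not sep or len(head) < 6 or len(tail) < 3:
            continue  # skip blank or malformed lines
        yield (head[2], tail[0], _unescape(head[4]),
               set(head[5].split(",")), set(tail[2].split(",")))

def shared_superblocks(text):
    """Map (device, fstype) to superblock state and mounts, for multi-mounted filesystems."""
    groups, state = defaultdict(list), {}
    for dev, fstype, mnt, mopts, sopts in parse_mountinfo(text):
        groups[(dev, fstype)].append((mnt, "ro" if "ro" in mopts else "rw"))
        state[(dev, fstype)] = "ro" if "ro" in sopts else "rw"
    return {k: {"superblock": state[k], "mounts": v}
            for k, v in groups.items() if len(v) > 1}

def misleading_mounts(text):
    """Mount points listed rw per mount although their superblock is ro."""
    return [mnt for _, _, mnt, mopts, sopts in parse_mountinfo(text)
            if "ro" in sopts and "ro" not in mopts]

if __name__ == "__main__":
    for (dev, fstype), info in shared_superblocks(SAMPLE).items():
        print(f"{fstype} ({dev}): superblock {info['superblock']}, mounts {info['mounts']}")
    print("listed rw but on a read-only superblock:", misleading_mounts(SAMPLE))
```

On a live system, pass the contents of /proc/self/mountinfo instead of SAMPLE; a mount point returned by misleading_mounts is one where writes fail with "Read-only file system" even though the mount itself is listed rw.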