issue mounting proc file system as read only



lenderlive
04-Apr-2012, 15:41
SLES-Enterprise-11-SP2 w/ SDK-SP2 components. Has active subscription and all updates are installed.

I'm having a strange issue here. When "mount --bind /proc /var/lib/named/proc -o ro" gets run in my /etc/init.d/named script (to mount the proc file system in my chroot jail), I get a warning "mount: warning: /var/lib/named/proc seems to be mounted read-write."

mount shows "/proc on /var/lib/named/proc type none (rw,bind)" after mounting /proc with warning, which I find quite odd because I explicitly state I want to mount it as read only.

Please note I want /proc mounted on the fly via the named script and not via fstab, although I'll check to see if there is a difference if I put "/proc /var/lib/named/proc none bind,ro 0 0" in fstab.

Does anyone have any insight on this??

I'm showing this is an old bug??
http://lists.opensuse.org/opensuse-bugs/2010-07/msg04757.html

Possible workaround?
http://www.howtoforge.com/forums/showthread.php?t=22511

lenderlive
04-Apr-2012, 16:16
So putting "/proc /var/lib/named/proc none bind,ro 0 0" in fstab and mounting /var/lib/named/proc gives me the same warning.
Note that my util-linux rpm package is at version 2.19.1-6.29.3 and my kernel is at 3.0.13-0.27.

lenderlive
04-Apr-2012, 16:27
So I found a solution with an explanation at http://permalink.gmane.org/gmane.linux.suse.kernel/2448



box1 # mount --bind /proc /var/lib/named/proc -o ro
mount: warning: /var/lib/named/proc seems to be mounted read-write.

box1 # mount
...
/proc on /var/lib/named/proc type none (rw,bind)

box1 # cat /etc/mtab
...
/proc /var/lib/named/proc none rw,bind 0 0


box1 # mount -o remount,ro,bind /proc /var/lib/named/proc

box1 # mount
...
/proc on /var/lib/named/proc type none (ro,bind)

box1 # cat /etc/mtab
...
/proc /var/lib/named/proc none ro,bind 0 0

lenderlive
04-Apr-2012, 20:22
FYI

So apparently I was using an SP1 /etc/init.d/named script on SP2. I found the updated SP2 script and the correct mount command is "mount -tproc -oro,nosuid,nodev,noexec proc /var/lib/named/proc". It mounts /proc to /var/lib/named/proc as read only without warnings.
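
To confirm which flags actually took effect after either mount command in this thread, the check below reads a /proc/mounts-style table instead of relying on the mount command succeeding. It is an added example, not part of the thread or of the SLES named init script; the function names and the sample tables are constructed for illustration.

```shell
#!/bin/sh
# Added example: check the flags the kernel reports for a chroot's /proc.
# Table format is /proc/mounts: device mountpoint fstype options dump pass

# Print the options of the LAST entry for mountpoint $1 in table $2 ("-" = stdin).
# The last entry is the mount stacked on top, i.e. the one in effect.
mount_opts() {
    awk -v mp="$1" '$2 == mp { o = $4 } END { if (o != "") print o }' "${2:-/proc/mounts}"
}

# Succeed if option $1 is a whole element of the comma-separated list $2.
# A plain substring match would wrongly accept "errors=remount-ro" as "ro".
has_opt() {
    case ",$2," in
        *",$1,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Require ro,nosuid,nodev,noexec (the flags of the SP2 mount command) on $1.
# Status: 0 = all present, 1 = at least one missing, 2 = not mounted.
check_jail_proc() {
    cj_opts=$(mount_opts "$1" "${2:-/proc/mounts}")
    if [ -z "$cj_opts" ]; then echo "$1: not mounted"; return 2; fi
    cj_missing=""
    for cj_want in ro nosuid nodev noexec; do
        has_opt "$cj_want" "$cj_opts" || cj_missing="$cj_missing $cj_want"
    done
    if [ -z "$cj_missing" ]; then return 0; fi
    echo "$1: missing$cj_missing (have: $cj_opts)"
    return 1
}

# Constructed sample tables, not captured from a real system.
sample_table() {
    echo 'proc /proc proc rw,relatime 0 0'
    case $1 in
        bind_rw) echo 'proc /var/lib/named/proc proc rw,relatime 0 0' ;;
        bind_ro) echo 'proc /var/lib/named/proc proc ro,relatime 0 0' ;;
        sp2) echo 'proc /var/lib/named/proc proc ro,nosuid,nodev,noexec,relatime 0 0' ;;
    esac
}

for s in bind_rw bind_ro sp2; do
    sample_table "$s" | check_jail_proc /var/lib/named/proc - && echo "$s: ok"
done
```

On a live system, calling check_jail_proc /var/lib/named/proc with no second argument reads /proc/mounts, so it can run right after the mount step in an init script.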