mount /sys and /proc as read-only in root mode
parent
a8fa48fbc7
commit
c4a47947ab
1 changed files with 5 additions and 3 deletions
|
@ -929,8 +929,9 @@ sub run_chroot {
|
|||
or warn "umount /sys failed: $?";
|
||||
};
|
||||
0 == system(
|
||||
'mount', '-t', 'sysfs', '-o',
|
||||
'nosuid,nodev,noexec', 'sys', "$options->{root}/sys"
|
||||
'mount', '-t', 'sysfs',
|
||||
'-o', 'ro,nosuid,nodev,noexec', 'sys',
|
||||
"$options->{root}/sys"
|
||||
) or error "mount /sys failed: $?";
|
||||
} elsif ($options->{mode} eq 'unshare') {
|
||||
# naturally we have to clean up after ourselves in sudo mode where
|
||||
|
@ -978,7 +979,8 @@ sub run_chroot {
|
|||
0 == system('umount', "$options->{root}/proc")
|
||||
or error "umount /proc failed: $?";
|
||||
};
|
||||
0 == system('mount', '-t', 'proc', 'proc', "$options->{root}/proc")
|
||||
0 == system('mount', '-t', 'proc', '-o', 'ro', 'proc',
|
||||
"$options->{root}/proc")
|
||||
or error "mount /proc failed: $?";
|
||||
} elsif ($options->{mode} eq 'unshare') {
|
||||
# naturally we have to clean up after ourselves in sudo mode where
|
||||
|
|
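Review bot: The new /proc mount in the second hunk passes only `-o ro`, while the sysfs mount in the first hunk carries `ro,nosuid,nodev,noexec`; the proc call would be consistent with it as `0 == system('mount', '-t', 'proc', '-o', 'ro,nosuid,nodev,noexec', 'proc',`. Neither call says why the mount is read-only, so a short comment above each, for example `# read-only so that code running as root inside the chroot cannot write to the kernel interfaces exposed here`, would keep the option from being dropped in a later refactor. A read-only /proc also makes any write under it fail inside the chroot, which is worth confirming against whatever hooks or package scripts run there in root mode. Both hunks sit inside run_chroot, whose body starts and ends outside the visible lines.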