mount /proc at boot as read-only

Greg KH greg at kroah.com
Mon Jan 7 03:35:51 EST 2019


On Sun, Jan 06, 2019 at 09:13:26PM +0300, Lev Olshvang wrote:
> 
> Hello all,
> 
> I am trying to harden the embedded system.

Please define exactly what you mean by "harden".

> Is it possible and safe to mount /proc file system in a read-only mode and how to do this?

Why would you want /proc to be read-only?  What is that going to protect
you from?  What is insecure in there as-is?

> I have an embedded system with systemd where /proc is mounted rw.

Odds are your system needs this that way.  If not, then why mount proc
at all?  Why not just disable the proc filesystem from your kernel
entirely and not even worry about it at all?

thanks,

greg k-h


