From: Lev Olshvang
To: kernelnewbies
Subject: mount /proc at boot as read-only
Date: Sun, 06 Jan 2019 21:13:26 +0300

Hello all,

I am trying to harden the embedded system. Is it possible and safe to mount /proc file system in a read-only mode and how to do this?

I have an embedded system with systemd where /proc is mounted rw. I suspect that systemd mounts it when it begins to bootstrap user space.

On my currently idle and small embedded board and on QEMU I was able to remount /proc read-only. But when I changed fstab to mount it as a read-only it is still mounted rw,relatime after reboot.

So who mounts it first? Is it hardcoded in systemd when it starts process of PID 1 or in a kernel?

Regards,
Lev
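Added example, not part of the original message: a shell check for the symptom described above (/proc still `rw,relatime` after reboot). It reads mount-table text in `/proc/self/mounts` format and reports whether `/proc` is read-only. The function names and sample lines are constructed for illustration; when several `/proc` entries are listed, treating the last one as the visible mount is an assumption.

```shell
#!/bin/sh
# Input format (one mount per line, as in /proc/self/mounts):
#   <source> <mountpoint> <fstype> <options> <dump> <pass>

# proc_mount_mode [FILE|-]
# Prints "ro", "rw" or "absent" for the proc mount at /proc.
# Options are compared as whole words, so only a literal "ro" counts.
proc_mount_mode() {
    awk '
        $2 == "/proc" && $3 == "proc" {
            mode = "rw"                      # last matching line wins (assumption)
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++)
                if (opts[i] == "ro") mode = "ro"
        }
        END { print (mode == "" ? "absent" : mode) }
    ' "${1:-/proc/self/mounts}"
}

# check_proc_readonly [FILE|-]
# Exit status 0 only when /proc is mounted read-only.
check_proc_readonly() {
    mode=$(proc_mount_mode "$@")
    echo "/proc mount mode: $mode"
    [ "$mode" = "ro" ]
}

# Constructed sample: the state reported after reboot in the message above.
constructed_after_reboot() {
    cat <<'EOF'
sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
proc /proc proc rw,relatime 0 0
EOF
}

# Constructed sample: the state after a successful read-only remount.
constructed_after_remount() {
    cat <<'EOF'
sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
proc /proc proc ro,relatime 0 0
EOF
}

constructed_after_reboot  | check_proc_readonly - || echo "hardening check failed"
constructed_after_remount | check_proc_readonly - && echo "hardening check passed"
```

Called with no argument, `check_proc_readonly` inspects the live mount table of the calling process, so it can run late in boot to confirm the setting survived a reboot.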