switch_root and mount move

Sergey Naumov sknaumov at gmail.com
Wed May 2 16:21:40 UTC 2012


I have implemented a patch which adds an -m option to switch_root which
prevents it from making a mount-move.
I haven't noticed any changes in behavior of my system, but now I can
do all necessary mounts in initramfs,
then call rsbac_init as the last but one statement (after that any mount
call for root device would fail) and then call
switch_root -m /newroot /sbin/init. So I have a chroot behavior, but
also can benefit from switch_root's cleaning of initramfs content.

> It sounds like you're saying you _don't_ want to let people do "mount
> --remount,rw /", that with the current switch_root you can and with your
> proposed modification you can't?

Without the -m option I would be reluctant to defer rsbac initialization
to later boot stages and it is not so good in terms of security, I
think.
If anybody is interested, I can send this patch.

Sergey Naumov.
