procfs and chroot() ... ?

[Jochen Bern]

I'm trying to chroot() a server that needs to read one readonly pseudo 
file from /proc . I tried to pinpoint my options to do so ...

-- The alternative to accessing this one pseudo file would be to grant
   the server access to /dev/kmem ... NOT ... ANY ... BETTER!! 8-}
-- Mounting two procfs instances (one normal, one inside the chroot())
   and setting restrictive permissions on the latter makes identical
   changes to the former. (I assume that'ld be the same for ACLs?)
-- Deploying SELinux ... will have to do a good deal of reading to
   even find out what'ld be involved in that ...
-- Mounting a "second" procfs, chroot()ing into the exact subdir the
   file is in, and mounting non-procfs stuff (like the etc dir with the
   configs) *over* the sub-subdirs (ARGH!) would *happen* to rid me of
   all *writable* pseudo files, but still provide read access to way
   more info that I'ld want to provide to the server ...
(- I'll try to Use The Source (tm) so that the server will not close the
   pseudo file, and does the chroot() itself after opening it, but let's
   assume for the sake of the argument that I won't succeed in that.)

Is there an official way (or *should* there be one) to have only *part* 
of a procfs mounted into a chroot() jail?

Kind regards,
								J. Bern
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/