grsecurity forums

Skip to content

remount

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.
Topic locked

remount

Postby co2pd » Mon Apr 07, 2003 7:01 pm

ok, now I know remounts can't be done inside root jails

But they can be done outside a jail. Is there any way I can mount a filesystem in RO and totally forbid, ban, disallow, anbody from remounting it?

thanks
ernesto
co2pd
 
Posts: 4
Joined: Mon Mar 10, 2003 5:00 pm
Top

Postby spender » Mon Apr 07, 2003 8:17 pm

If you mean keeping anyone from outside the chroot from remounting it, you need to use the ACL system. CAP_SYS_ADMIN covers mounting, so you'll need to remove this (it's enforced in the default policy).

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm
Top
Topic locked

Return to grsecurity support

Powered by phpBB® Forum Software © phpBB Group
cron