fstab does not honor /proc mount options

Bug #1039887 reported by Christian Kujau
46
This bug affects 10 people
Affects Status Importance Assigned to Milestone
mountall (Ubuntu)
Medium
Unassigned
Lucid
Undecided
Unassigned
Precise
Undecided
Unassigned
Trusty
Undecided
Unassigned
Utopic
Undecided
Unassigned
Vivid
Medium
Unassigned

Bug Description

Passing mount options (here: "hidepid=2") for /proc via /etc/fstab does not seem to work:

$ grep /proc /etc/fstab /etc/mtab /proc/mounts
/etc/fstab:proc /proc proc nodev,noexec,nosuid,hidepid=2 0 0
/etc/mtab:proc /proc proc rw,noexec,nosuid,nodev 0 0
/proc/mounts:proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0

Also, /etc/mtab and /proc/mounts are out of sync - are there plans to link /etc/mtab against /proc/mounts? (Note: I'm not particularly in favor of bug 906293, propsing yet another file to the mix).

The system is a fully patched Ubuntu 12.04.1 LTS (i686) in an Amazon EC2 virtual machine.

Workaround: add the following line to /etc/rc.local:

   mount -o remount,hidepid=2 /proc

Related branches

Revision history for this message
Steve Langasek (vorlon) wrote :

This will be due to the fact that mountall doesn't mount /proc; it's mounted via the initramfs if you have one, or by upstart if you don't. Apparently mountall fails to check afterwards that the configured mount options are used.

Changed in mountall (Ubuntu):
importance: Undecided → Medium
status: New → Triaged
Changed in mountall (Ubuntu):
assignee: nobody → Dmitrijs Ledkovs (xnox)
Revision history for this message
Simon Déziel (sdeziel) wrote :

Dimitri, any chance to see this implemented in Trusty?

Revision history for this message
KDEUSER56 (kdeuser56) wrote :

So, how do I pass mount options to /proc instead? I need to enable acl support for /proc for security reasons.

Revision history for this message
Christian Kujau (christiank) wrote : Re: [Bug 1039887] Re: fstab does not honor /proc mount options

On Sat, 5 Jul 2014 at 17:18, KDEUSER56 wrote:
> So, how do I pass mount options to /proc instead? I need to enable acl
> support for /proc for security reasons.

I don't think procfs supports ACLs:

$ sudo mount -o remount,acl -v /proc
mount: mount failed
proc: unrecognized mount option "acl" or missing value

As a workaround, use /etc/rc.local to remount /proc with specific mount
options until this bug is fixed.

Revision history for this message
Dimitri John Ledkov (xnox) wrote :

On 25 March 2014 19:50, Simon Déziel <email address hidden> wrote:
> Dimitri, any chance to see this implemented in Trusty?
>

So I took a stab at implementing this. To figure out whether or not a
remount is required, I had to start parsing all options specified in
the right order, which turned out to be non-trivial given that many
options are boolean singletons (e.g. ro/rw) thus I quite trivially end
up remounting things way too many times then needed.

However coming to think about it again, I wonder if a simple "if
already mounted and the mounts are specified in /etc/fstab assume a
remount is required" should suffice all cases. I'll try again to
implement that.

--
Regards,

Dimitri.

Ken Sharp (kennybobs)
tags: added: ec2-images i386 precise trusty
Revision history for this message
Dimitri John Ledkov (xnox) wrote :

So in 15.04 Vivid, systemd is used by default which has a remount service for all entries listed in /etc/fstab. It's a simple solution and works good enough.

A similar thing can be implemented in mountall as well. My previous attempt at intelligently parsing all the options to detect whether a remount is needed is complex, due to all the options that could be used (some negating others, or ignored by kernel).

Changed in mountall (Ubuntu Vivid):
status: Triaged → Fix Released
Changed in mountall (Ubuntu Utopic):
status: New → Confirmed
Changed in mountall (Ubuntu Trusty):
status: New → Confirmed
Changed in mountall (Ubuntu Precise):
status: New → Confirmed
Changed in mountall (Ubuntu Lucid):
status: New → Confirmed
Changed in mountall (Ubuntu Vivid):
assignee: Dimitri John Ledkov (xnox) → nobody
Revision history for this message
Rolf Leggewie (r0lf) wrote :

lucid has seen the end of its life and is no longer receiving any updates. Marking the lucid task for this ticket as "Won't Fix".

Changed in mountall (Ubuntu Lucid):
status: Confirmed → Won't Fix
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers