Comment 5 for bug 54530

Matt, I never suggested mounting /proc readonly!

It is a collection of data-files (from a filesystem point of view at least). So nodev (no devices here), noexec (no executables either) and nosuid (definitly no suid executables) should be OK.

In fact everything but /dev should be save to get mounted nodev...