
proc in a chroot

Posted: Sat Dec 23, 2006 11:05 am
by Makc
Hello,

I have a problem with /proc in chrooted environment:
# ls -la /disk2/vpn/proc/
total 8
drwxr-xr-x    2 root     root         4096 Dec 15  2004 .
drwxr-xr-x   21 root     root         4096 Dec  1 23:00 ..
# mount -t proc none /disk2/vpn/proc/
# ls -al /disk2/vpn/proc/ | wc -l
    259
# \chroot /disk2/vpn/
# ls -al /proc/ | wc -l
43
# ps auwx
Error, do this: mount -t proc none /proc


mount inside jail does nothing.

inner /proc contains update / cmdline / crypto / devices / etc, but it does not have any PIDs, even self:
# ls -al /proc/self
ls: /proc/self: No such file or directory

If I set kernel.grsecurity.chroot_findtask to 0 everything works, but users can see all the processes.

2.6.19.1, grsecurity-2.1.9-2.6.19.1-200612121859

YMMV, but this works for me

Posted: Wed Jan 03, 2007 5:32 pm
by Alexei.Sheplyakov
# Enable to mount inside chroots:
sysctl -w kernel/grsecurity/chroot_deny_mount=0
# Mount /proc inside the chroot:
chroot /path/to/chroot mount -n -t proc proc /proc
# Disable to mount inside chroots again:
sysctl -w kernel/grsecurity/chroot_deny_mount=1
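
The three steps above folded into one script, as an added example that is not from any participant in this thread and not grsecurity's own code. Two things differ from the post: the current value of kernel.grsecurity.chroot_deny_mount is saved and restored on every exit path (including a failed mount) instead of being set back to a hardcoded 1, and the result is checked from inside the chroot rather than by listing the directory from outside, because the first post shows the two views of the same proc mount can differ (259 entries outside, 43 inside). It also refuses to start when kernel.grsecurity.grsec_lock is 1, since with the lock on the grsecurity sysctls cannot be changed at all. Assumptions: running as root, the sysctl names used in this thread, and a /bin/ls inside the chroot for the final check; the proc_listing_has_pids helper is added here for that check.

```shell
#!/bin/sh
# Mount /proc inside a grsecurity chroot by briefly lifting chroot_deny_mount.
# Added example (not from the thread). Assumes root, the grsecurity sysctls
# named in the thread, and a /bin/ls inside the chroot for the final check.
set -eu

SYSCTL=kernel.grsecurity.chroot_deny_mount

# proc_listing_has_pids: read one name per line (the output of `ls /proc`)
# from stdin and succeed if it shows process entries, i.e. "self" or any
# all-digit name. Fails on a listing with only sys/crypto/devices/... in it,
# which is what the first post saw from inside the jail.
proc_listing_has_pids() {
    while IFS= read -r name; do
        case $name in
            self) return 0 ;;
            ''|*[!0-9]*) ;;          # not a PID, keep reading
            *) return 0 ;;
        esac
    done
    return 1
}

# mount_proc_in_chroot ROOT: lift chroot_deny_mount, run the mount from
# inside the chroot exactly as in the post above, then put the sysctl back
# to whatever it was before, even if the mount fails.
mount_proc_in_chroot() {
    root=$1

    # With grsec_lock=1 the grsecurity sysctls are read-only; fail early.
    if [ "$(sysctl -n kernel.grsecurity.grsec_lock 2>/dev/null || echo 0)" = 1 ]; then
        echo "grsec_lock is set; cannot toggle $SYSCTL" >&2
        return 1
    fi

    saved=$(sysctl -n "$SYSCTL")
    trap 'sysctl -q -w "$SYSCTL=$saved"' EXIT    # restore on any exit path
    sysctl -q -w "$SYSCTL=0"
    chroot "$root" mount -n -t proc proc /proc
    sysctl -q -w "$SYSCTL=$saved"
    trap - EXIT

    # Verify from inside: the outside view of $root/proc can show PIDs even
    # when the view from inside the chroot does not.
    if chroot "$root" /bin/ls /proc | proc_listing_has_pids; then
        echo "/proc mounted inside $root; PIDs visible from inside"
    else
        echo "proc mounted inside $root but no PIDs visible from inside" >&2
        return 1
    fi
}

# Usage: ./mount-proc-chroot.sh /disk2/vpn
if [ -n "${1:-}" ]; then
    mount_proc_in_chroot "$1"
fi
```

Whether the mount attempt succeeds or not, chroot_deny_mount ends up with the value it had before the script ran, which is the property the manual three-command sequence loses if the middle step fails.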

Posted: Wed Jan 03, 2007 9:25 pm
by spender
This problem is fixed in the latest 2.1.10 patch in http://grsecurity.net/~spender/

-Brad