On grsec enabled kernels we have the option to enable a special proc group. So we edit our /etc/fstab to add an extra gid option.

example fstab entry
proc /proc proc defaults,gid=10 0 0

# reboot
# mount | grep proc
none on /proc type proc (rw)

## this should be
none on /proc type proc (rw,gid=10)

## simple fix that should be placed in our initscripts.
mount -a -oremount /proc
## or perhaps
mount -a -oremount -t proc

Note: this is needed for our Gentoo infrastructure
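A check for the symptom in the report above (an fstab option such as gid=10 that the mount table does not show after boot), as an added example that is not part of the original report or of baselayout. The function name, the skip list of userspace-only options and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: report fstab options that are missing from a mount table.
# usage: missing_mount_opts FSTAB MOUNT_TABLE
# MOUNT_TABLE uses the /etc/mtab and /proc/mounts column layout.
# Prints "<mountpoint> <option>" for every fstab option the table lacks.
missing_mount_opts() {
    awk '
        # First file (mount table): remember the options per mount point.
        FILENAME == ARGV[1] { live[$2] = "," $4 ","; next }
        # Second file (fstab): skip comments, short lines, swap/none entries.
        $1 ~ /^#/ || NF < 4 || $2 !~ /^\// { next }
        ($2 in live) {
            n = split($4, want, ",")
            for (i = 1; i <= n; i++) {
                o = want[i]
                # Options handled by mount itself never appear in the table.
                if (o == "defaults" || o == "auto" || o == "noauto" ||
                    o == "user" || o == "users" || o == "owner") continue
                if (index(live[$2], "," o ",") == 0) print $2, o
            }
        }
    ' "$2" "$1"
}

# Constructed sample data; $1 is the option string shown for /proc.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# constructed fstab' \
        '/dev/hda3 / ext3 noatime 0 1' \
        'proc /proc proc defaults,gid=10 0 0' > "$d/fstab"
    printf '%s\n' '/dev/hda3 / ext3 rw,noatime 0 0' \
        "none /proc proc $1 0 0" > "$d/mounts"
    missing_mount_opts "$d/fstab" "$d/mounts"
    rm -rf "$d"
}

demo rw          # prints: /proc gid=10
demo rw,gid=10   # prints nothing
```

Pass /etc/mtab as the second argument to check what mount(8) recorded, or /proc/mounts to check what the kernel reports.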
Created attachment 20921: /etc/init.d/checkroot
This should add correct additional info to /etc/mtab, please test.
After diffing out and extracting the
+ # Now make sure /etc/mtab have additional info (gid, etc) in there + for x in $(awk '{ print $2 }' /proc/mounts | uniq) + do + for y in $(awk '{ print $2 }' /etc/fstab) + do + if [ "${x}" = "${y}" ] + then + mount -f -o remount $x + continue + fi + done + done
Ran that from a shell script without the ^+ and the local=
And it remounted my local partitions correctly. However I'm trying not to reboot my box for a few weeks. So Kurt, if you have time to test :)
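Review bot: the `continue` after `mount -f -o remount $x` is the last statement of the inner `for y` body, so it has no effect and the scan of /etc/fstab carries on after a match; `break` (or `continue 2`) would stop at the first match and avoid a repeated remount when a mount point is listed twice in fstab. In the same block, `$x` should be quoted in the mount call, `awk '{ print $2 }' /etc/fstab` also returns the second word of comment lines, so lines starting with `#` should be filtered out, and `uniq` only drops adjacent duplicates from /proc/mounts, so `sort -u` is needed if the intent is one remount per mount point.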
Fixed in baselayout-1.8.6.12-r2.