While auditing and experimenting with VServer procfs and vproc security
we discovered a problem sharing permissions on the procfs mounted
Within any context users are still able to change permissions on /proc,
both access permission and ownership. That is just fine as many people
would like to restrict access to /proc to the root user or a group of
But as changes to a procfs mountpoint do not apply to the mountpoint
itself but to procfs in general, these changes affect all contexts
(VServers) and even the host system.
All tests were done against the stable branch (1.2x) but regarding to
Herbert Poetzl, the problem exists on both devel branches (1.3.x,
Version 1.28 (stable branch) resolves this problem.
I'm waiting for the upstream VServer depelopers to release a fixed version of the 1.3 branch, I'll add it in when they do...
Removed the development branch and added in 1.28; closing this bug as FIXED. I'll address this issue in the next batch of kernel announcements...