base-filesystem: create /proc, /sys, /dev mount points as 0555

These inodes are going to be overmounted anyway, hence let's create them
with access mode 555, so that they are as close to being immutable as
regular UNIX access modes allow them to be. In other words: this takes
the "w" mode away for root. This of course usually has little effect --
unless CAP_DAC_OVERRIDE is dropped. But at the very least it makes the
point clear that inodes should be considered immutable.

(I intended to make this 0000 originally, but that doesn't work, as many
tools – including our own – have fallback paths so that when they see
ENOENT in /proc/ they can handle this gracefully. But changing the mode
to 000 would turn this into EACCES - something they usually have no
fallback path for.)
Lennart Poettering 2023-05-02 10:44:14 +02:00
parent ab13274a19
commit 7243cefec1
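The ENOENT-versus-EACCES distinction the commit message relies on, as an added example that is not part of systemd or of this commit. It creates scratch directories under /tmp with mkdtemp() (the "/tmp/bfs-demo-XXXXXX" prefix is this example's own choice), gives them mode 0755, 0555 or 0000, and reports what a tool probing a path under them would see: with 0555 a lookup of a missing entry still fails with ENOENT, which a fallback path can absorb, while 0000 turns the same lookup into EACCES. The mkdir probe shows the "w" bit being taken away; note that a process with CAP_DAC_OVERRIDE (root in the usual case) still traverses a 0000 directory and still creates entries in a 0555 one, so the 0000 and 0555 results differ depending on the privileges the program runs with.

```c
/* Added example, not systemd code. Demonstrates why a missing /proc, /sys or
 * /dev entry (ENOENT) is recoverable for tools with a fallback path, while a
 * mode-0000 mount point would report EACCES instead. The scratch directory
 * prefix below is an assumption of this example. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

enum probe { PROBE_OK, PROBE_MISSING, PROBE_DENIED, PROBE_ERROR };

/* The policy a tool with a fallback path typically applies when probing
 * /proc/...: ENOENT means "not mounted, carry on without it"; EACCES and
 * everything else is a hard error it does not know how to recover from. */
enum probe classify_errno(int err) {
        if (err == 0)      return PROBE_OK;
        if (err == ENOENT) return PROBE_MISSING;
        if (err == EACCES) return PROBE_DENIED;
        return PROBE_ERROR;
}

/* Open path read-only and return the errno of the failure, or 0 on success. */
static int open_errno(const char *path) {
        int fd = open(path, O_RDONLY | O_CLOEXEC);
        if (fd < 0)
                return errno;
        close(fd);
        return 0;
}

/* Probe a path the way a tool would and classify the outcome. */
enum probe probe_path(const char *path) {
        return classify_errno(open_errno(path));
}

/* Create a scratch directory with the given mode, look up a nonexistent
 * child in it, and return the errno observed (0 if the lookup succeeded). */
int child_lookup_errno(mode_t mode) {
        char dir[] = "/tmp/bfs-demo-XXXXXX";   /* constructed scratch path */
        char child[64];
        int err;

        if (!mkdtemp(dir))
                return errno;
        if (chmod(dir, mode) < 0) {
                err = errno;
                rmdir(dir);
                return err;
        }
        snprintf(child, sizeof child, "%s/self", dir);
        err = open_errno(child);
        chmod(dir, 0700);     /* make it removable again */
        rmdir(dir);
        return err;
}

/* Create a scratch directory with the given mode and try to mkdir inside it;
 * return the errno observed (0 if mkdir succeeded). Without CAP_DAC_OVERRIDE
 * a 0555 directory yields EACCES here; root normally still succeeds. */
int mkdir_child_errno(mode_t mode) {
        char dir[] = "/tmp/bfs-demo-XXXXXX";   /* constructed scratch path */
        char child[64];
        int err = 0;

        if (!mkdtemp(dir))
                return errno;
        if (chmod(dir, mode) < 0) {
                err = errno;
                rmdir(dir);
                return err;
        }
        snprintf(child, sizeof child, "%s/new", dir);
        if (mkdir(child, 0755) < 0)
                err = errno;
        chmod(dir, 0700);
        if (err == 0)
                rmdir(child);
        rmdir(dir);
        return err;
}

int main(void) {
        const mode_t modes[] = { 0755, 0555, 0000 };
        printf("running as euid %d (root keeps CAP_DAC_OVERRIDE)\n", (int) geteuid());
        for (size_t i = 0; i < sizeof modes / sizeof modes[0]; i++)
                printf("mode %04o: lookup of missing child -> %s, mkdir inside -> %s\n",
                       (unsigned) modes[i],
                       strerror(child_lookup_errno(modes[i])),
                       strerror(mkdir_child_errno(modes[i])));
        printf("probe of an absent path classifies as %s\n",
               probe_path("/tmp/bfs-demo-does-not-exist/self") == PROBE_MISSING ? "MISSING" : "other");
        return 0;
}
```

Run it once unprivileged and once as root to see the two cases the commit message distinguishes: unprivileged, the 0000 directory reports EACCES where 0555 reports ENOENT, and mkdir inside the 0555 directory fails; as root both lookups report ENOENT and the mkdir succeeds, which is the "little effect unless CAP_DAC_OVERRIDE is dropped" the message refers to.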

@ -36,9 +36,9 @@ static const BaseFilesystem table[] = {
{ "usr", 0755, NULL, NULL },
{ "var", 0755, NULL, NULL },
{ "etc", 0755, NULL, NULL },
{ "proc", 0755, NULL, NULL, true },
{ "sys", 0755, NULL, NULL, true },
{ "dev", 0755, NULL, NULL, true },
{ "proc", 0555, NULL, NULL, true },
{ "sys", 0555, NULL, NULL, true },
{ "dev", 0555, NULL, NULL, true },
/* Various architecture ABIs define the path to the dynamic loader via the /lib64/ subdirectory of
* the root directory. When booting from an otherwise empty root file system (where only /usr/ has
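Review bot: the three 0555 entries for "proc", "sys" and "dev" carry no comment explaining why they differ from the 0755 used for every other directory in the table; the rationale (these mount points are overmounted anyway and are meant to be treated as immutable, and 0000 is deliberately avoided because it would turn the ENOENT that tools' fallback paths expect into EACCES) lives only in the commit message. Suggest a short comment above the three entries, in the style of the existing /lib64/ comment that follows them, e.g. `/* Overmounted at boot: 0555 so they are as close to immutable as UNIX modes allow; not 0000, as that turns ENOENT into EACCES for tools that fall back gracefully when /proc/ is missing */`, and noting there that the lost "w" bit only bites once CAP_DAC_OVERRIDE is dropped.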