I have implemented a patch which adds a -m option to switch_root, which prevents it from making a mount-move. I haven't noticed any changes in the behavior of my system, but now I can do all necessary mounts in initramfs, then call rsbac_init as the last but one statement (after that any mount call for the root device would fail) and then call switch_root -m /newroot /sbin/init. So I have chroot behavior, but can also benefit from switch_root's cleaning of the initramfs content.

> It sounds like you're saying you _don't_ want to let people do "mount
> --remount,rw /", that with the current switch_root you can and with your
> proposed modification you can't?

Without the -m option I would be reluctant to defer rsbac initialization to later boot stages, and it is not so good in terms of security, I think. If anybody is interested, I can send this patch.

Sergey Naumov.

_______________________________________________
busybox mailing list
busybox@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox