Just for the heck of it, I tried mounting /proc in a subdirectory with
the ro option but was still able to update my shmmax kernel parameter
by echoing a new value to it. This was done as the root user, but I thought
that when mounted ro even root shouldn't be able to write to it. Is this a
bug or an issue with the way --bind does the mount? Interestingly, mount
did show the filesystem has the ro option after the mount.

-----Original Message-----
From: bind-users-bounce@isc.org [mailto:bind-users-bounce@isc.org] On
Behalf Of Mark Andrews
Sent: Tuesday, April 01, 2008 6:24 PM
To: Adam Tkac
Cc: Lars Hecking; bind-users@isc.org
Subject: Re: Number of CPUs detected by Bind 9.4.2 on 4 CPU system
running RedHat es 4.

> On Tue, Apr 01, 2008 at 05:57:01PM +0100, Lars Hecking wrote:
> > Adam Tkac writes:
> > [...]
> > > After quick look into bind and glibc code /proc has to be mounted.
> > > named calls sysconf(3) function and internal glibc implementation
> > > looks like this:
> > [...]
> >
> > Not that I have looked at the code, but maybe bind should grab this
> > before dropping privileges and going to jail ...
> >
> Yes, this will be the best long term solution. I'm going to prepare
> simple patch to fix this problem.
> Adam
> --
> Adam Tkac, Red Hat, Inc.

/proc is also needed for IPv6 interface scanning.

This is a design fault in Linux.
The correct fix is to correct the design fault in the OS.

Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews@isc.org
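An added example, not part of the original thread: the first message notes that mount showed the ro option while a write still succeeded. One way to see what the kernel itself records for a mount point is to read a table in /proc/mounts format rather than relying on mount's output, which may come from /etc/mtab and reflect only the options that were requested. The function names, the sample table and the /jail/proc path are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether the kernel's mount table marks a mount
# point read-only. Expected table format is that of /proc/mounts:
#   device mountpoint fstype options dump pass
# Mount points containing spaces appear escaped (\040) in that file and
# must be passed in the same escaped form.

# mount_is_ro TABLE_FILE MOUNTPOINT
#   exit 0: the last entry for MOUNTPOINT carries the "ro" option
#   exit 1: the last entry for MOUNTPOINT does not carry "ro"
#   exit 2: MOUNTPOINT does not appear in the table
mount_is_ro() {
    awk -v mp="$2" '
        $2 == mp { opts = $4; found = 1 }   # later entries shadow earlier ones
        END {
            if (!found) exit 2
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++) if (o[i] == "ro") exit 0
            exit 1
        }' "$1"
}

# check_mount TABLE_FILE MOUNTPOINT -> prints "ro", "rw" or "missing"
check_mount() {
    rc=0
    mount_is_ro "$1" "$2" || rc=$?
    case $rc in
        0) echo "ro" ;;
        1) echo "rw" ;;
        *) echo "missing" ;;
    esac
}

# Constructed sample table: a bind mount of /proc under a hypothetical jail
# directory that the kernel still lists as rw, next to a genuinely ro mount.
SAMPLE_TABLE=$(mktemp)
trap 'rm -f "$SAMPLE_TABLE"' EXIT
cat > "$SAMPLE_TABLE" <<'EOF'
proc /proc proc rw,nosuid,nodev,noexec 0 0
proc /jail/proc proc rw,nosuid,nodev,noexec 0 0
/dev/sda1 /srv/ro-data ext3 ro,noatime 0 0
EOF

echo "/jail/proc:   $(check_mount "$SAMPLE_TABLE" /jail/proc)"
echo "/srv/ro-data: $(check_mount "$SAMPLE_TABLE" /srv/ro-data)"
# On a live system: check_mount /proc/mounts /path/to/bind/mount
```

If the requested option was ro but this reports rw, the restriction was never applied to that mount point, whatever mount printed.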