Matt, I never suggested mounting /proc read-only! It is a collection of data files (from a filesystem point of view at least). So nodev (no devices here), noexec (no executables either) and nosuid (definitely no suid executables) should be OK.

In fact everything but /dev should be safe to be mounted nodev...

-- 
Virtual filesystem mounts could use more restrictive mount options
https://launchpad.net/bugs/54530

-- 
ubuntu-bugs mailing list
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
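The rule stated in the message above (nosuid, nodev and noexec on every virtual filesystem, nodev on everything except /dev) is easy to check mechanically. The script below is an added example, not part of the bug report or of any Ubuntu package: it reads mount-table lines in /proc/mounts format, reports which virtual mounts lack a hardening option, and prints an fstab line with the missing options appended. The sample mount table is constructed, the list of "virtual" filesystem types is illustrative, and the decision to require only nosuid on devtmpfs/devpts (leaving noexec on /dev as a site policy choice) is an assumption of this example, not something the message claims.

```shell
#!/bin/sh
# Added example (not from the bug report): audit virtual filesystem mounts for
# the nosuid/nodev/noexec options and print an fstab line adding what is missing.
# Input format is that of /proc/mounts:  source target fstype options dump pass
# The sample below is constructed; on a live system run:  audit_mounts < /proc/mounts

SAMPLE_MOUNTS='proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
sysfs /sys sysfs rw,relatime 0 0
udev /dev devtmpfs rw,nosuid,relatime,size=1024k,mode=755 0 0
devpts /dev/pts devpts rw,nosuid,noexec,relatime,gid=5,mode=620 0 0
tmpfs /run tmpfs rw,nosuid,nodev,relatime 0 0
/dev/sda1 / ext4 rw,relatime,errors=remount-ro 0 0'

# Filesystem types treated as virtual.  Assumption: this list is illustrative;
# extend it (cgroup2, debugfs, securityfs, ...) for a real audit.
VIRTUAL_TYPES="proc sysfs tmpfs devtmpfs devpts"

is_virtual() {   # is_virtual FSTYPE -> 0 if FSTYPE is in VIRTUAL_TYPES
    for t in $VIRTUAL_TYPES; do
        [ "$1" = "$t" ] && return 0
    done
    return 1
}

has_opt() {      # has_opt OPTS OPT -> 0 if OPT is a comma-separated member of OPTS
    case ",$1," in
        *",$2,"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# missing_opts FSTYPE OPTS -> prints the hardening options absent from OPTS.
# Per the message: nodev everywhere except the /dev filesystems, which exist to
# hold device nodes.  Assumption: for those only nosuid is insisted on here.
missing_opts() {
    fstype=$1 opts=$2 missing=""
    case "$fstype" in
        devtmpfs|devpts) wanted="nosuid" ;;
        *)               wanted="nosuid nodev noexec" ;;
    esac
    for o in $wanted; do
        has_opt "$opts" "$o" || missing="$missing $o"
    done
    printf '%s' "${missing# }"
}

# fstab_line SRC TARGET FSTYPE OPTS -> prints an fstab entry with the missing
# hardening options appended to the existing option string.
fstab_line() {
    m=$(missing_opts "$3" "$4" | tr ' ' ',')
    printf '%s %s %s %s%s 0 0\n' "$1" "$2" "$3" "$4" "${m:+,$m}"
}

# audit_mounts: read mount lines on stdin; print a report line (plus a suggested
# fstab entry) for each virtual filesystem lacking an option; exit 1 if any found.
audit_mounts() {
    rc=0
    while read -r src target fstype opts dump pass; do
        is_virtual "$fstype" || continue
        m=$(missing_opts "$fstype" "$opts")
        [ -z "$m" ] && continue
        rc=1
        printf '%s (%s) missing: %s\n' "$target" "$fstype" "$m"
        printf '  suggested fstab: '
        fstab_line "$src" "$target" "$fstype" "$opts"
    done
    return $rc
}

# Stand-alone run over the constructed sample table.
printf '%s\n' "$SAMPLE_MOUNTS" | audit_mounts || echo "some virtual mounts need hardening"
```

On the sample table this flags /sys (no hardening options at all) and /run (nosuid and nodev present, noexec absent); /proc already carries all three and /dev is accepted with nosuid alone. The suggested fstab line simply appends the missing options to the runtime option string, so drop runtime-only options such as relatime or size= before copying it into /etc/fstab.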
