Finally! After some time awaiting the release of a solution, Ibex will have kernel 2.6.26, which supports read-only bind mounts. I discovered this as a rather serious security breach to my proposed system design some time ago – I was trying to implement remote access for myself and friends to my data storage. I figured some form of SSH-based access would be a good start, but I didn’t want to have any accounts directly open on my server or desktop machine. Since building separate physical hardware just for this would be a waste of resources, I thought the best solution would be a virtual machine. Since configuring NFS on it could potentially be another security hole (not to mention more overhead than needed), I knew a bind mount would be perfect – a read-only one of course. However, as I was testing it, I quickly realized that read-only bind mounts weren’t actually read-only. Thus, the problem. I suppose since I keep most of my multimedia files marked immutable it wouldn’t be a real problem unless someone got root. Still, I'd rather be safe than sorry. More to follow about this later.
I read over a few postings to the kernel mailing list which addressed this last year, but this was just in the development phase then. The solution the kernel architects created involved updating the VFS code, since all bind mounts are implemented in the virtual layer. You can read more of the technical aspects over at lwn.net.
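
A check for the failure described above, as an added example that is not part of the original post: it reads lines in the `/proc/self/mountinfo` format and reports whether each mount point that is meant to be read-only is actually read-only, either through its per-mount options or its superblock options. The sample lines and the `/export/...` paths are constructed for illustration.

```python
# Added example: audit bind mounts that are supposed to be read-only.
# SAMPLE is constructed data in /proc/self/mountinfo format, not from a real host.
SAMPLE = """\
20 1 8:1 / / rw,relatime - ext3 /dev/sda1 rw,errors=remount-ro
41 20 8:17 / /srv/media rw,relatime - ext3 /dev/sdb1 rw
42 20 8:17 /music /export/music rw,relatime - ext3 /dev/sdb1 rw
43 20 8:17 /video /export/video ro,relatime - ext3 /dev/sdb1 rw
"""

def parse_mountinfo(text):
    """Split each line into per-mount options (field 6) and superblock options."""
    mounts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        # Optional fields end at a lone "-"; fs type, source, super options follow.
        left, _, right = line.partition(" - ")
        fields = left.split()
        fstype, source, super_opts = right.split()[:3]
        mounts.append({
            "root": fields[3],  # subtree of the filesystem that is mounted
            "mount_point": fields[4].replace("\\040", " "),
            "mount_opts": set(fields[5].split(",")),
            "super_opts": set(super_opts.split(",")),
            "source": source,
        })
    return mounts

def is_writable(mount):
    """Writable only if neither this mount nor the filesystem itself is ro."""
    return "ro" not in mount["mount_opts"] and "ro" not in mount["super_opts"]

def audit(text, expected_ro):
    """Map each mount point that should be read-only to its observed state."""
    by_point = {m["mount_point"]: m for m in parse_mountinfo(text)}
    findings = {}
    for point in expected_ro:
        mount = by_point.get(point)
        if mount is None:
            findings[point] = "not mounted"
        else:
            findings[point] = "writable" if is_writable(mount) else "read-only"
    return findings

if __name__ == "__main__":
    for point, state in audit(SAMPLE, ["/export/music", "/export/video"]).items():
        print(f"{point}: {state}")
```

To audit a live system, pass the contents of `/proc/self/mountinfo` instead of `SAMPLE`, read from inside the environment that sees the bind mounts.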