[Users] How do I mount /tmp on VEs with noexec,nosuid options?

Joan aseques at gmail.com
Mon Nov 12 16:46:50 EST 2007


2007/11/12, Kir Kolyshkin <kir at openvz.org>:
> Joan wrote:
> > Following http://kb.swsoft.com/article_130_648_en.html
> > I get " unrecognized option `--bindmount_add'" so I guess that in
> > OpenVZ it works differently.
> > There was no message in the list related to this.
> > Does anyone know if there is a command for that?
> >
>
> Try searching forum.openvz.org. If you find a working solution,
> please document it on wiki.openvz.org.

I downloaded the mailing list archives since 2005 and couldn't find a
solution. Now I'm looking in the forums and there's something at least
interesting:
http://forum.openvz.org/index.php?t=msg&goto=12999&&srch=noexec#msg_12999

Quote:

white:/# mount -t tmpfs -o noexec,nosuid tmpfs /tmp/
white:/# cat /proc/mounts
simfs / simfs rw 0 0
proc /proc proc rw 0 0
sysfs /sys sysfs rw 0 0
devpts /dev/pts devpts rw 0 0
tmpfs /dev/shm tmpfs rw 0 0
tmpfs /tmp tmpfs rw,nosuid,noexec 0 0

It seems to do the trick.

The next step would be to permanently add it to the fstab:
# UNCONFIGURED FSTAB FOR BASE SYSTEM
tmpfs      /tmp      tmpfs      noexec,nosuid      0     0
tmpfs      /var/tmp      tmpfs      noexec,nosuid      0     0

At this moment I can't reboot the veid; tomorrow I'll try and see if the data in
fstab remains in the text file after rebooting.
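
An added example, not part of the original message: a shell check that parses /proc/mounts-format text and reports whether a mount point carries noexec and nosuid, which is how one would confirm after a container restart that the fstab entries took effect. The names check_mount_opts and sample_mounts are made up for this illustration; the sample data is the /proc/mounts output quoted in the message.

```shell
#!/bin/sh
# Added illustration: verify mount options from /proc/mounts-format input.
# Field layout per line: device mountpoint fstype options dump pass

# sample_mounts (hypothetical helper): the /proc/mounts output quoted above.
sample_mounts() {
cat <<'EOF'
simfs / simfs rw 0 0
proc /proc proc rw 0 0
sysfs /sys sysfs rw 0 0
devpts /dev/pts devpts rw 0 0
tmpfs /dev/shm tmpfs rw 0 0
tmpfs /tmp tmpfs rw,nosuid,noexec 0 0
EOF
}

# check_mount_opts MOUNTPOINT REQUIRED_OPTS [MOUNTS_FILE]
# Returns 0 if every required option is set, 1 if any is missing,
# 2 if MOUNTPOINT is not a separate mount (it then inherits the parent's options).
check_mount_opts() {
    mp=$1; required=$2; file=${3:-/proc/mounts}
    # The last matching entry wins: a later mount shadows an earlier one.
    opts=$(awk -v mp="$mp" '$2 == mp { o = $4 } END { print o }' "$file")
    if [ -z "$opts" ]; then
        echo "$mp: not a separate mount"
        return 2
    fi
    missing=""
    old_ifs=$IFS; IFS=,
    for want in $required; do
        # Wrap in commas so "exec" never matches inside "noexec".
        case ",$opts," in
            *",$want,"*) ;;
            *) missing="$missing $want" ;;
        esac
    done
    IFS=$old_ifs
    if [ -n "$missing" ]; then
        echo "$mp: missing$missing (has: $opts)"
        return 1
    fi
    echo "$mp: ok ($opts)"
}

# Run against the quoted sample; inside a container, omit the third argument.
tmpf=$(mktemp); sample_mounts > "$tmpf"
for mp in /tmp /var/tmp; do check_mount_opts "$mp" noexec,nosuid "$tmpf" || true; done
rm -f "$tmpf"
```

On the quoted sample /tmp passes, while /var/tmp is reported as not separately mounted, since only /tmp was mounted by hand in that session.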