[Users] ploop mount question

Kir Kolyshkin kir at openvz.org
Mon Mar 21 21:52:52 PDT 2016


On 03/21/2016 06:58 PM, Simon Choucroun wrote:
> Hi Kir,
>
> Sorry to e-mail you, I know that you must be really busy with VZ and
> CRIU these days but I am looking for a solution and have looked
> everywhere without any concrete answer, maybe you can help.
>
> I am trying to create an internal product that is using ploop as the
> device image (much better than loop!)
>
> The issue I am having is that I am trying to mount the ploop image
> with noexec,nosuid for enhanced security. When I pass it to the -o
> parameter, it is erroring out.
>
> ploop mount -o nosuid,noexec -m /backup/staging /mounts/staging/DiskDescriptor.xml
>
> I also checked the documentation for ploop but unfortunately, there is 
> no option explanation or example for the -o flag.

Hi Simon,

The value of the -o option is passed directly to the mount() syscall, as
the "data" argument, and it might contain some fs-specific options. Here's
an excerpt from mount(2) man page:

        The data argument is interpreted by the different file systems.
        Typically it is a string of comma-separated options understood by
        this file system. See mount(8) for details of the options
        available for each filesystem type.

Now, options MS_NOEXEC and MS_NOSUID are not fs-specific but generic.
Unfortunately, currently there's no way to pass those to ploop command
(although it's relatively easy to add).

A workaround would be to mount ploop as device only, and then use usual
"mount" command to actually mount the fs. Example:

[root at tpad-ovz1 root.hdd]# ploop mount DiskDescriptor.xml
Opening delta /vz/private/202/root.hdd/root.hdd
Adding delta dev=/dev/ploop32746 img=/vz/private/202/root.hdd/root.hdd (rw)

[root at tpad-ovz1 root.hdd]# mount -o noexec,nosuid /dev/ploop32746p1 mnt

As you can see, you need to figure out the ploop device (and add p1 to
it for a partition). You can figure it out by e.g. parsing the output of
"ploop mount" or "ploop list".

Let me know if you have any more questions, and I am Ccing users@ list
as there might be some people who are also interested in that.

Kir.
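
The workaround described in the message above, as a script. This is an added example, not part of the original message or of ploop itself; the function names are hypothetical, and it assumes "ploop mount" prints the "Adding delta dev=..." line in the format shown above.

```shell
#!/bin/sh
# Added example: mount a ploop image with noexec,nosuid by attaching the
# device first and mounting the filesystem separately, then verify the flags.

# Extract the ploop device from "ploop mount" output read on stdin.
# Assumes the "Adding delta dev=/dev/ploopN ..." line format shown in the post.
ploop_dev_from_output() {
    sed -n 's|^Adding delta dev=\(/dev/ploop[0-9][0-9]*\) .*|\1|p' | tail -n 1
}

# Succeed only if the mount point ($1) carries both noexec and nosuid in the
# /proc/mounts-format text read on stdin (last matching entry wins).
mount_is_hardened() {
    awk -v mp="$1" '$2 == mp { opts = "," $4 "," }
        END { exit !(opts ~ /,noexec,/ && opts ~ /,nosuid,/) }'
}

# Hypothetical wrapper: mount_ploop_hardened DiskDescriptor.xml /mount/point
mount_ploop_hardened() {
    out=$(ploop mount "$1") || return 1
    dev=$(printf '%s\n' "$out" | ploop_dev_from_output)
    [ -n "$dev" ] || { echo "could not find ploop device" >&2; return 1; }
    # p1 = first partition, as in the post.
    if ! mount -o noexec,nosuid "${dev}p1" "$2"; then
        ploop umount "$1"    # detach the device again on failure
        return 1
    fi
    # Fail closed: report an error if the kernel did not record both flags.
    mount_is_hardened "$2" < /proc/mounts
}

# Run only when called with both arguments (needs root and ploop installed).
if [ "$#" -eq 2 ]; then
    mount_ploop_hardened "$1" "$2"
fi
```

The final check reads /proc/mounts rather than trusting the exit status of mount, so a mount that ends up without noexec or nosuid is reported as a failure.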

