OpenVZ Forum: Support » OpenVZ mounting /proc insecurely

Home » General » Support » OpenVZ mounting /proc insecurely

Show: Today's Messages :: Show Polls :: Message Navigator
E-mail to friend

OpenVZ mounting /proc insecurely [message #52226]

Tue, 06 October 2015 20:40

curtis_isparks
Messages: 14
Registered: April 2011

Junior Member

I recently discovered that the way OpenVZ mounts /proc inside of containers by default is insecure. The following article describes how to fix the issue on the host node:

https://lwn.net/Articles/191531/

However, this does not work inside of containers. At least it doesn't anymore. Under Proxmox 1.9 (vzkernel-2.6.32-042stab037.1) I could do this:

mount -o remount,nosuid,noexec /proc

But, now I'm running OpenVZ under Proxmox 3.1 (vzkernel-2.6.32-042stab079.5) and this no longer works:

# mount -o remount,nosuid,noexec /proc
mount: mount failed

In LXC I noticed that /proc attributes can be specified using the lxc.mount.auto configuration option in the container config. I haven't been able to figure out how to do this in OpenVZ. Any ideas?

Report message to a moderator

[Message index]

		OpenVZ mounting /proc insecurely By: curtis_isparks on Tue, 06 October 2015 20:40
		Re: OpenVZ mounting /proc insecurely By: curtis_isparks on Tue, 06 October 2015 20:41

Previous Topic:	Unable to find VM just created
Next Topic:	Cannot make nfs server inside CT

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

] [

]

Current Time: Mon Nov 11 07:45:53 GMT 2024

Total time taken to generate the page: 0.03545 seconds