OpenVZ 7 + how to make /tmp noexec,nosuid,nodev with quota limit? [message #53498]
Thu, 11 April 2019 15:49
ccto
I am looking for a solution to create a "secure tmp" for containers on the OpenVZ 7 platform.
Target: create a (e.g.) 2GB partition for /tmp with noexec,nosuid,nodev enabled.
In OpenVZ 6, I used a script to bind-mount /tmp to a separate simfs directory with a vzquota limit.
However, in OpenVZ 7,
- prlctl device-add does not have mount options.
- Browsing the source, manually adjusting mnt_opts in the DISK directive of /vz/private/{UUID}/ve.conf and restarting the VE does not seem to work either.
- No simfs/vzquota support in OpenVZ 7.
So frustrating.
Any solutions? Please advise.
Thank you
Regards
George