OpenVZ 7 + how to make /tmp noexec,nosuid,nodev with quota limit? [message #53498] | Thu, 11 April 2019 15:49
ccto (Member) | Messages: 61 | Registered: October 2005

I am looking for a solution to create a "secure tmp" for containers on the OpenVZ 7 platform.
Target: create a (e.g.) 2GB partition for /tmp with noexec,nosuid,nodev enabled.
 
In OpenVZ 6, I used a script to bind-mount /tmp to a separate simfs directory with a vzquota limit.
 
 However, in OpenVZ 7,
 - prlctl device-add does not have mount options.
- After browsing the source, I tried manually adjusting mnt_opts in the DISK directive of /vz/private/{UUID}/ve.conf and restarting the VE. That does not seem to work either.
 - No simfs/vzquota support in OpenVZ 7.
 
 So frustrating.
 
 Any solutions?  Please advise.
 
 Thank you
 Regards
 George