OpenVZ Forum


OpenVZ mounting /proc insecurely [message #52226] Tue, 06 October 2015 20:40
curtis_isparks
I recently discovered that the way OpenVZ mounts /proc inside of containers by default is insecure. The following article describes how to fix the issue on the host node:

https://lwn.net/Articles/191531/

However, this does not work inside of containers. At least it doesn't anymore. Under Proxmox 1.9 (vzkernel-2.6.32-042stab037.1) I could do this:

mount -o remount,nosuid,noexec /proc

But now I'm running OpenVZ under Proxmox 3.1 (vzkernel-2.6.32-042stab079.5), and this no longer works:

# mount -o remount,nosuid,noexec /proc
mount: mount failed

In LXC I noticed that /proc attributes can be specified using the lxc.mount.auto configuration option in the container config. I haven't been able to figure out how to do this in OpenVZ. Any ideas?
Re: OpenVZ mounting /proc insecurely [message #52227 is a reply to message #52226] Tue, 06 October 2015 20:41
curtis_isparks
I should mention that I already tried adding a /proc mount in /etc/fstab inside the container and it seems that was ignored.
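
A check for the condition discussed in this thread, as an added example that is not part of the original posts or of OpenVZ or Proxmox tooling: it reads a table in /proc/mounts format and reports which of nosuid and noexec are absent from the /proc mount that is actually in effect. The function names and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which hardening options are absent from a mount point.
# missing_mount_opts and sample_mounts are illustrative names, not OpenVZ tooling.

# usage: missing_mount_opts MOUNTPOINT [TABLE] [REQUIRED_OPTS]
# Prints the missing options. Status: 0 all present, 1 some missing,
# 2 mount point not in the table.
missing_mount_opts() {
    mnt=$1
    table=${2:-/proc/self/mounts}
    required=${3:-nosuid noexec}

    # Table fields: device mountpoint fstype options dump pass.
    # With stacked mounts the last matching line is the one in effect.
    opts=$(awk -v m="$mnt" '$2 == m { o = $4 } END { print o }' "$table")
    if [ -z "$opts" ]; then
        return 2
    fi

    missing=
    for want in $required; do
        case ",$opts," in
            *",$want,"*) ;;                      # exact option present
            *) missing="${missing:+$missing }$want" ;;
        esac
    done

    if [ -n "$missing" ]; then
        printf '%s\n' "$missing"
        return 1
    fi
    return 0
}

# Constructed sample table (not captured from a real container).
sample_mounts() {
    cat <<'EOF'
/dev/simfs / simfs rw,relatime 0 0
proc /proc proc rw,relatime 0 0
proc /proc proc rw,nosuid,relatime 0 0
EOF
}

tmp=$(mktemp)
sample_mounts > "$tmp"
echo "/proc is missing: $(missing_mount_opts /proc "$tmp")"
rm -f "$tmp"
```

Called with only the mount point, the function reads /proc/self/mounts, so it can be run inside a container after a remount attempt or an /etc/fstab change to see whether the options took effect.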