OpenVZ Forum


OpenVZ 7 + how to make /tmp noexec,nosuid,nodev with quota limit? [message #53498] Thu, 11 April 2019 15:49
ccto
I am looking for a way to create a "secure tmp" for a container on the OpenVZ 7 platform.

Target: create a (e.g.) 2GB partition for /tmp with noexec,nosuid,nodev enabled.

On OpenVZ 6, I used a script to bind-mount /tmp to a separate simfs directory with a vzquota limit.

However, in OpenVZ 7,
- prlctl device-add does not have mount options.
- After browsing the source, I tried manually adjusting mnt_opts in the DISK directive of /vz/private/{UUID}/ve.conf and restarting the VE. It does not seem to work either.
- No simfs/vzquota support in OpenVZ 7.

So frustrating.

Any solutions? Please advise.

Thank you
Regards
George
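
A check for the target stated in the post above, as an added example that is not part of the original post or of OpenVZ: it reads a mount table in /proc/mounts format and reports whether /tmp is its own mount and which of noexec, nosuid, nodev are missing. It only audits the result and does not create the mount or enforce the size limit; the function name and the sample device names are assumptions.

```shell
#!/bin/sh
# Added example: audit the mount options of /tmp inside a container.
# Input is a mount table in /proc/mounts format:
#   device mountpoint fstype options dump pass

# missing_tmp_opts [MOUNTS_FILE] [MOUNTPOINT]   (hypothetical helper name)
# Prints "not-mounted" when MOUNTPOINT has no entry of its own (it is
# then just a directory on the root filesystem), otherwise a
# comma-separated list of the missing hardening options.
# Empty output means noexec, nosuid and nodev are all present.
missing_tmp_opts() {
    mounts_file=${1:-/proc/mounts}
    target=${2:-/tmp}
    awk -v target="$target" '
        # With stacked mounts the last entry is the one in effect.
        $2 == target { opts = $4; found = 1 }
        END {
            if (!found) { print "not-mounted"; exit }
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++) have[o[i]] = 1
            m = split("noexec nosuid nodev", want, " ")
            out = ""
            for (i = 1; i <= m; i++)
                if (!(want[i] in have))
                    out = out (out == "" ? "" : ",") want[i]
            print out
        }' "$mounts_file"
}

# Demo on a constructed mount table (device names are made up).
demo() {
    sample=$(mktemp)
    cat > "$sample" <<'EOF'
/dev/ploop1p1 / ext4 rw,relatime 0 0
/dev/ploop2p1 /tmp ext4 rw,nosuid,relatime 0 0
EOF
    echo "missing on /tmp: $(missing_tmp_opts "$sample" /tmp)"
    rm -f "$sample"
}

demo
```

Inside a container, calling `missing_tmp_opts` with no arguments audits the live `/proc/mounts`.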