OpenVZ Forum


OpenVZ 7 + how to make /tmp noexec,nosuid,nodev with quota limit? [message #53498] Thu, 11 April 2019 15:49
ccto
I am looking for a solution to create a "secure tmp" for a container on the OpenVZ 7 platform.

Target: create a (e.g.) 2GB partition for /tmp with noexec,nosuid,nodev enabled.

In OpenVZ 6, I used a script to bind-mount /tmp to a separate simfs directory with a vzquota limit.

However, in OpenVZ 7,
- prlctl device-add does not have mount options.
- Browsing the source, I manually adjusted mnt_opts in the DISK directive of /vz/private/{UUID}/ve.conf and restarted the VE. It does not seem to work either.
- No simfs/vzquota support in OpenVZ 7.

So frustrating.

Any solutions? Please advise.

Thank you
Regards
George
Re: OpenVZ 7 + how to make /tmp noexec,nosuid,nodev with quota limit? [message #53503 is a reply to message #53498] Tue, 23 April 2019 07:46
ccto
Finally, I managed to
- create a file as a block device (dd), and mkfs.ext4 it
- mount it as loop,rw,nodev,nosuid,noexec
- bind-mount it inside guest /tmp to that folder.

It seems to work.
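
The steps from the reply above as a host-side shell sketch, added here as an example and not taken from the posts. The image path, the host mount point, the `/vz/root/ct-example/tmp` target and both function names are assumptions; `missing_flags` reads a `/proc/mounts`-format table to confirm that the bind mount really carries all three flags.

```shell
#!/bin/sh
# Added example; paths, names and the guest-root location are assumptions.

# Run as root on the host. $1 image file, $2 size in MB (the image size acts
# as the quota), $3 host mount point, $4 the guest's /tmp as seen from the host.
setup_secure_tmp() {
    img=$1 size_mb=$2 host_mnt=$3 guest_tmp=$4
    opts=rw,nodev,nosuid,noexec
    dd if=/dev/zero of="$img" bs=1M count="$size_mb" &&
    mkfs.ext4 -q -F "$img" &&                      # -F: target is a regular file
    mkdir -p "$host_mnt" &&
    mount -o "loop,$opts" "$img" "$host_mnt" &&
    chmod 1777 "$host_mnt" &&                      # usual /tmp mode: sticky, world-writable
    mount --bind "$host_mnt" "$guest_tmp" &&
    mount -o "remount,bind,$opts" "$guest_tmp"     # restate the flags on the bind mount
}

# Print which of nodev,nosuid,noexec the mount at $1 lacks, reading
# /proc/mounts-format lines from file $2 (default /proc/mounts, "-" for stdin).
# The last matching entry wins, since a later mount shadows earlier ones.
# Exit status: 0 all flags set, 1 at least one missing, 2 path is not mounted.
missing_flags() {
    awk -v mp="$1" '
        $2 == mp { found = 1; opts = $4 }
        END {
            if (!found) exit 2
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++) have[o[i]] = 1
            split("nodev nosuid noexec", want, " ")
            for (i = 1; i <= 3; i++)
                if (!(want[i] in have)) { printf "%s%s", sep, want[i]; sep = ","; bad = 1 }
            if (bad) print ""
            exit bad + 0
        }' "${2:-/proc/mounts}"
}

# Constructed sample table: the bind mount lost noexec, so "noexec" is printed.
missing_flags /vz/root/ct-example/tmp - <<'EOF' || true
/dev/loop0 /vz/secure-tmp/ct-example ext4 rw,nosuid,nodev,noexec,relatime 0 0
/dev/loop0 /vz/root/ct-example/tmp ext4 rw,nosuid,nodev,relatime 0 0
EOF
```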