Resolution
Since Parallels Virtuozzo Containers (hereafter Virtuozzo) 3.0 SP1, it is easy to mount the /tmp directory (and /var/tmp if needed) on VEs with the noexec, nosuid and nodev options using the newly introduced 'bindmount' technology. Follow the steps below to mount the /tmp and /var/tmp directories on all VEs with the noexec,nosuid options:
1. Update the Virtuozzo installation to Virtuozzo 3 SP1 using the 'vzup2date' utility.
2. If you want to mount /tmp and /var/tmp on all VEs with noexec,nosuid,nodev options then do the following:
Insert the following line into the main Virtuozzo configuration file /etc/sysconfig/vz:
BINDMOUNT="/tmp,nosuid,noexec,nodev /var/tmp,nosuid,noexec,nodev "
and restart all VEs.
3. If you want to mount /tmp and /var/tmp in this way on some particular VE only, you should insert the line above into the VE configuration file /etc/sysconfig/vz-scripts/VEID.conf manually or do it using 'vzctl' utility:
# vzctl set VEID --bindmount_add /tmp,nosuid,noexec,nodev --bindmount_add /var/tmp,nosuid,noexec,nodev --save
where VEID is the ID of the VE you want to apply the changes to. The VE must be restarted for the changes to take effect.
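To confirm after the restart that the options took effect, the following added example (not part of the original article or of Virtuozzo) checks a mount table in /proc/mounts format for noexec, nosuid and nodev on /tmp and /var/tmp. The function names and the sample mount lines are constructed for illustration, and it assumes the bind mounts appear as separate entries in the VE's /proc/mounts.

```shell
#!/bin/sh
# Added example: verify that /tmp and /var/tmp carry the hardening options.
# Input is a mount table in /proc/mounts format: device mountpoint fstype options ...
REQUIRED_OPTS="noexec nosuid nodev"

# check_mount MOUNTS_FILE DIR
# Returns 0 if DIR has every required option, 1 if some are missing,
# 2 if DIR is not a separate mount point (assumption: bind mounts are listed).
check_mount() {
    # Keep the last matching entry: a later mount shadows an earlier one.
    opts=$(awk -v t="$2" '$2 == t { o = $4 } END { print o }' "$1")
    if [ -z "$opts" ]; then
        echo "$2: not a separate mount point"
        return 2
    fi
    missing=""
    for want in $REQUIRED_OPTS; do
        case ",$opts," in
            *",$want,"*) ;;                      # option present
            *) missing="$missing $want" ;;       # option absent
        esac
    done
    if [ -n "$missing" ]; then
        echo "$2: missing$missing"
        return 1
    fi
    echo "$2: ok ($opts)"
}

# audit_tmp_mounts [MOUNTS_FILE]  (defaults to /proc/mounts)
audit_tmp_mounts() {
    rc=0
    for dir in /tmp /var/tmp; do
        check_mount "${1:-/proc/mounts}" "$dir" || rc=1
    done
    return $rc
}

# Demo on constructed sample data (not real output from a VE).
sample=$(mktemp)
cat > "$sample" <<'EOF'
/dev/sample / ext3 rw 0 0
/dev/sample /tmp ext3 rw,nosuid,nodev,noexec 0 0
/dev/sample /var/tmp ext3 rw,nosuid 0 0
EOF
audit_tmp_mounts "$sample" || echo "at least one directory is not hardened"
rm -f "$sample"
```

Run inside the VE, audit_tmp_mounts with no argument reads /proc/mounts and returns non-zero if either directory lacks one of the three options.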
Keywords: noexec,nosuid,nodev,mount,tmp,security