Product:
Search Type:

How do I mount /tmp on VEs with noexec,nosuid options?

Article ID: 648 
Last Review: Jan,31 2007
APPLIES TO:
  • Virtuozzo for Linux

RESOLUTION

Since Virtuozzo 3.0 SP1 it is very easy to mount /tmp (and /var/tmp if needed) dir on VEs with noexec, nosuid, nodev options using introduced 'bindmout' technology. You can follow the steps below to mount /tmp and /var/tmp directories on all VEs with noexec,nosuid options.

1. Update Virtuozzo installation to Virtuozzo 3 SP1 using 'vzup2date' utility.

2. If you want to mount /tmp and /var/tmp on all VEs with noexec,nosuid,nodev options then do the following:
Insert the following line into the main Virtuozzo configuration file /etc/sysconfig/vz:

BINDMOUNT="/tmp,nosuid,noexec,nodev /var/tmp,nosuid,noexec,nodev "

and restart all VEs.

3. If you want to mount /tmp and /var/tmp in this way on some particular VE only, you should insert the line above into the VE configuration file /etc/sysconfig/vz-scripts/VEID.conf manually or do it using 'vzctl' utility:

# vzctl set VEID --bindmount_add /tmp,nosuid,noexec,nodev --bindmount_add /var/tmp,nosuid,noexec,nodev --save

where VEID is an ID of VE you want to apply changes to. VE must be restarted for the changes to take effect.
Keywords: noexec,nosuid,nodev,mount,tmp,security

Please provide feedback on this article

Did this article help you solve your issue?
Yes
No
Partially
I do not know yet
 
Strongly Agree   Strongly Disagree
  9 8 7 6 5 4 3 2 1
The article is easy to understand
The article is accurate
Additional Comments:
*Please provide us with your email address in case we need to contact you.
*Please type the code you can see.
* - required fields