Parallels knowledgebase (KB) http://kb.parallels.com/ Parallels knowledgebase (KB) en Copyright 2008 Parallels Wed, 10 Sep 2008 00:00:00 +0600 Wed, 10 Sep 2008 00:00:00 +0600 rt-team@parallels.com <![CDATA[How do I mount /tmp on VEs with noexec,nosuid options?]]> http://kb.parallels.com/en/648

How do I mount /tmp on VEs with noexec,nosuid options?

Article ID: 648 
Last Review: Feb,2 2009
Author: Vitaly Filatov
Last updated by: system

Resolution

Since Parallels Virtuozzo Containers (hereafter Virtuozzo) 3.0 SP1 it is very easy to mount /tmp (and /var/tmp if needed) dir on VEs with noexec, nosuid, nodev options using introduced 'bindmout' technology. You can follow the steps below to mount /tmp and /var/tmp directories on all VEs with noexec,nosuid options:

1. Update Virtuozzo installation to Virtuozzo 3 SP1 using 'vzup2date' utility.

2. If you want to mount /tmp and /var/tmp on all VEs with noexec,nosuid,nodev options then do the following:

Insert the following line into the main Virtuozzo configuration file /etc/sysconfig/vz:
BINDMOUNT="/tmp,nosuid,noexec,nodev /var/tmp,nosuid,noexec,nodev "

and restart all VEs.

3. If you want to mount /tmp and /var/tmp in this way on some particular VE only, you should insert the line above into the VE configuration file /etc/sysconfig/vz-scripts/VEID.conf manually or do it using 'vzctl' utility:
# vzctl set VEID --bindmount_add /tmp,nosuid,noexec,nodev --bindmount_add /var/tmp,nosuid,noexec,nodev --save

where VEID is an ID of VE you want to apply changes to. VE must be restarted for the changes to take effect.
Keywords: noexec,nosuid,nodev,mount,tmp,security


Subscription for changes to this article Subscription for changes to this article
]]> Vitaly Filatov 330 LastUpdated: 2009-02-02 03:38:36 2008-10-06 09:10:36