How do I mount /tmp on VEs with noexec,nosuid options?

Article ID: 648 
Last Review: Oct 6, 2008
Author: Vitaly Filatov
APPLIES TO:
  • Parallels Virtuozzo Containers for Linux

Resolution

Since Virtuozzo 3.0 SP1, the 'bindmount' feature makes it easy to mount the /tmp directory (and /var/tmp if needed) on VEs with the noexec, nosuid and nodev options. Follow the steps below to mount the /tmp and /var/tmp directories on all VEs with these options.
1. Update Virtuozzo installation to Virtuozzo 3 SP1 using 'vzup2date' utility.
2. If you want to mount /tmp and /var/tmp on all VEs with noexec,nosuid,nodev options then do the following:
Insert the following line into the main Virtuozzo configuration file /etc/sysconfig/vz:
BINDMOUNT="/tmp,nosuid,noexec,nodev /var/tmp,nosuid,noexec,nodev "
and restart all VEs.
3. If you want to mount /tmp and /var/tmp in this way on some particular VE only, you should insert the line above into the VE configuration file /etc/sysconfig/vz-scripts/VEID.conf manually or do it using 'vzctl' utility:
# vzctl set VEID --bindmount_add /tmp,nosuid,noexec,nodev --bindmount_add /var/tmp,nosuid,noexec,nodev --save
where VEID is the ID of the VE you want to apply the changes to. The VE must be restarted for the changes to take effect.
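A check for the result of the steps above, as an added example that is not part of the original article: it reads mount entries in /proc/mounts format and reports which of noexec, nosuid and nodev are missing on /tmp and /var/tmp. The function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that /tmp and /var/tmp carry the hardening options.
# Input is in /proc/mounts format: device mountpoint fstype options dump pass
REQUIRED="noexec nosuid nodev"

# missing_opts MOUNTS_FILE MOUNTPOINT
# Prints the required options that are absent, or "not-mounted" if none found.
missing_opts() {
    # Later entries shadow earlier ones, so the last match is the effective one.
    opts=$(awk -v mp="$2" '$2 == mp { o = $4 } END { print o }' "$1")
    if [ -z "$opts" ]; then
        echo "not-mounted"
        return 0
    fi
    missing=""
    for want in $REQUIRED; do
        case ",$opts," in
            *",$want,"*) ;;
            *) missing="${missing:+$missing }$want" ;;
        esac
    done
    echo "$missing"
}

# check_ve_tmp MOUNTS_FILE: returns 0 only if both directories are hardened.
check_ve_tmp() {
    rc=0
    for mp in /tmp /var/tmp; do
        m=$(missing_opts "$1" "$mp")
        if [ -n "$m" ]; then
            echo "FAIL $mp: $m"; rc=1
        else
            echo "OK   $mp"
        fi
    done
    return "$rc"
}

# Constructed sample mount table (device and filesystem names are placeholders).
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
/dev/root / ext3 rw 0 0
proc /proc proc rw 0 0
/dev/root /tmp ext3 rw 0 0
/dev/root /tmp ext3 rw,nosuid,nodev,noexec 0 0
/dev/root /var/tmp ext3 rw,nosuid 0 0
EOF
check_ve_tmp "$SAMPLE" || true
```

After restarting a VE, run `check_ve_tmp /proc/mounts` inside it; a "not-mounted" result means the directory has no mount entry of its own, so the bind mount was not applied.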
Keywords: noexec,nosuid,nodev,mount,tmp,security