
From: Herbert Poetzl (herbert_at_13thfloor.at)
Date: Thu 19 May 2005 - 04:31:43 BST


On Wed, May 18, 2005 at 09:30:31PM -0400, Jean-Christophe Petit wrote:
> Thanks Herbert,
>
> sorry for the lack of info:
> 2.4.30-vs1.2.10 with Per Context Quota/Disk Limits Addon q0.14
> util-vserver-0.30-1mdk
> vproc-0.01 <vproc-0.01.tar>
>
> I'm using only one partition for all my 10 vps.
>
> /etc/vservers/<vps-name>/fstab looks like:
> /dev/hdv1 / ext3 exec,dev,suid,rw,usrquota,grpquota 0 0
>
> What can I do to have a /tmp with a noexec tag ?

you can modify the 'vserver' script to mount something
at /path/to/vserver/tmp, the 0.30 tools do not mount
anything at /tmp so you'll get what your vserver has
to offer there (i.e. very likely the same as your guest
root system)

> I tried to add:
> none /tmp ext3 noexec 0 0
>
> with no success: when I restart the vps, nothing changes.
> I need to do that for security reasons.

with 0.30.20x, the tools will mount a separate /tmp
and you can change the details in the config file
/etc/vservers/%name/fstab ...

HTH,
Herbert

> thanks,
>
> JC
>
>
> Herbert Poetzl wrote:
>
> >On Wed, May 18, 2005 at 03:37:26PM -0400, Jean-Christophe Petit wrote:
> >
> >>I tried, but it doesn't seem to work.
> >>My kernel is 2.4.30-vs1.2.10
> >
> >probably mentioning that at the first posting would
> >have helped ... as would the tool version ;)
> >
> >basically the tools 'mount' /tmp for the vserver guest
> >if you know where and when that happens, you can
> >fine tune the options ...
> >
> >best,
> >Herbert
> >
> >>I'm using the quota patch: several vservers on one partition
> >>
> >>thanks,
> >>JC
> >>
> >>Christian Heim wrote:
> >>
> >>>On Wednesday 18 May 2005 19:15, Jean-Christophe Petit ( JP )wrote:
> >>>
> >>>>how can I restrict the /tmp in a vserver to execute anything ?
> >>>>
> >>>You could try to edit /etc/vservers/<vps-name>/fstab by adding the
> >>>option noexec to the /tmp entry. Don't know if it's supported by vserver
> >>>or could break things.
_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
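
A check for the symptom reported in this thread (the fstab change appears to do nothing after a restart), as an added example that is not part of the original messages: it reads a mount table in /proc/mounts format and reports whether a path sits on a mount carrying noexec. The sample table, the /vservers/guestN paths and the tmpfs line are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Reads a table in /proc/mounts format:
#   device mountpoint fstype options dump pass

# Print the options of the mount that holds path $1 (table $2, default /proc/mounts).
mount_opts_for() {
    awk -v p="$1" '
        BEGIN { best = -1 }
        {
            mp = $2
            # A mount covers p if it is "/", is p itself, or is a parent directory of p.
            if (mp == "/" || p == mp || index(p, mp "/") == 1) {
                # Longest mount point wins; on a tie the later line (mounted on top) wins.
                if (length(mp) >= best) { best = length(mp); opts = $4 }
            }
        }
        END { if (best < 0) exit 1; print opts }
    ' "${2:-/proc/mounts}"
}

# Return 0 if path $1 is on a mount with option $2, 1 if not, 2 if no mount matched.
has_mount_opt() {
    opts=$(mount_opts_for "$1" "$3") || return 2
    case ",$opts," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample table (host view). /vservers/guestN are assumed guest roots.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
/dev/hda1 / ext3 rw 0 0
/dev/hdv1 /vservers ext3 rw,usrquota,grpquota 0 0
none /vservers/guest2/tmp tmpfs rw,nosuid,nodev,noexec 0 0
EOF

for dir in /vservers/guest1/tmp /vservers/guest2/tmp; do
    if has_mount_opt "$dir" noexec "$SAMPLE"; then
        echo "$dir: noexec"
    else
        echo "$dir: exec allowed"
    fi
done
```

On a live host, omit the third argument so the function reads /proc/mounts, and pass the guest's real tmp directory.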


Generated on Thu 19 May 2005 - 04:32:05 BST by hypermail 2.1.3