From: Herbert Poetzl (herbert_at_13thfloor.at)
Date: Thu 19 May 2005 - 04:31:43 BST
On Wed, May 18, 2005 at 09:30:31PM -0400, Jean-Christophe Petit wrote:
> Thanks Herbert,
> sorry for the lack of infos:
> 2.4.30-vs1.2.10 with Per Context Quota/Disk Limits Addon q0.14
> vproc-0.01 <vproc-0.01.tar>
> I'm using only one partition for all my 10 vps.
> /etc/vservers/<vps-name>/fstab looks like:
> /dev/hdv1 / ext3 exec,dev,suid,rw,usrquota,grpquota 0 0
> What can I do to have a /tmp with a noexec tag ?
you can modify the 'vserver' script to mount something
at /path/to/vserver/tmp, the 0.30 tools do not mount
anything at /tmp so you'll get what your vserver has
to offer there (i.e. very likely the same as your guest
> I tried to add:
> none /tmp ext3 noexec 0 0
> with no success: when I restart the vps, nothing changes.
> I need to do that for security reasons.
with 0.30.20x, the tools will mount a separate /tmp
and you can change the details in the config file
> Herbert Poetzl wrote:
> >On Wed, May 18, 2005 at 03:37:26PM -0400, Jean-Christophe Petit wrote:
> >>I tried, but it doesn't seem to work.
> >>My kernel is 2.4.30-vs1.2.10
> >probably mentioning that at the first posting would
> >have helped ... as would the tool version ;)
> >basically the tools 'mount' /tmp for the vserver guest
> >if you know where and when that happens, you can
> >fine tune the options ...
> >>I'm using the quota patch: several vservers on one partition
> >>Christian Heim wrote:
> >>>On Wednesday 18 May 2005 19:15, Jean-Christophe Petit ( JP ) wrote:
> >>>>how can I restrict the /tmp in a vserver to execute anything ?
> >>>You could try to edit /etc/vservers/<vps-name>/fstab by adding the
> >>>option noexec to the /tmp entry. Don't know if it's supported by vserver
> >>>or could break things.
Vserver mailing list
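
A check to run inside the guest after a restart, to see whether /tmp is a separate mount carrying noexec or only a directory that inherits the root file system's options. This is an added example, not part of the original thread or of the vserver tools; the function name, the sample mount tables and the tmpfs line in them are constructed for illustration.

```shell
#!/bin/sh
# Report how a path is mounted, reading a mount table in /proc/mounts format:
#   device mountpoint fstype options dump pass
# Prints one of:
#   noexec     the path is its own mount point and carries noexec
#   exec       the path is its own mount point without noexec
#   inherited  nothing is mounted there; it is a plain directory on the
#              parent file system and shares that file system's options
# Usage: mount_exec_state <path> [table-file | -]   ("-" reads stdin)
mount_exec_state() {
    awk -v target="$1" '
        # Later lines shadow earlier ones, so the last match is the live mount.
        $2 == target { found = 1; opts = $4 }
        END {
            if (!found) { print "inherited"; exit }
            n = split(opts, o, ",")
            # Compare whole options so "noexec" is never matched as a substring.
            for (i = 1; i <= n; i++)
                if (o[i] == "noexec") { print "noexec"; exit }
            print "exec"
        }
    ' "${2:-/proc/mounts}"
}

# Constructed sample: a guest where only the root device from the thread's
# fstab is mounted, so /tmp is just a directory on it.
sample_shared='/dev/hdv1 / ext3 rw,usrquota,grpquota 0 0
none /proc proc rw 0 0'

# Constructed sample: the same guest with a separate /tmp mount (tmpfs is an
# assumption made for this example, the thread does not name a file system).
sample_separate="$sample_shared
none /tmp tmpfs rw,nosuid,nodev,noexec 0 0"

printf '%s\n' "$sample_shared"   | mount_exec_state /tmp -
printf '%s\n' "$sample_separate" | mount_exec_state /tmp -
```

Called with only a path, the function reads the live /proc/mounts of whatever context it runs in.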