Re: [Vserver] vserver and /tmp

Thu, 19 May 2005 17:21:22 -0700 

Where I can get the

0.30.20x tools for the 2.4.30-vs1.2.10 kernel ?

regards


Herbert Poetzl wrote:

On Wed, May 18, 2005 at 09:30:31PM -0400, Jean-Christophe Petit wrote:


Thanks Herbert,

sorry for the lack of infos:
2.4.30-vs1.2.10 with Per Context Quota/Disk Limits Addon q0.14
util-vserver-0.30-1mdk
vproc-0.01 <vproc-0.01.tar>

I'm using only one partition for all my 10 vps.

/etc/vservers/<vps-name>/fstab looks like:
/dev/hdv1       /       ext3     exec,dev,suid,rw,usrquota,grpquota 0 0

What can I do to have a /tmp with a noexec tag ?



you can modify the 'vserver' script to mount something
at /path/to/vserver/tmp, the 0.30 tools do not mount
anything at /tmp so you'll get what you vserver has
to offer there (i.e. very likely the same as you guest
root system)



I tried to add:
none            /tmp    ext3     noexec 0 0

with no success: when I restart the vps, nothing changes.
I need to do that for security reasons.



with 0.30.20x, the tools will mount a separate /tmp
and you can change the details in the config file
/etc/vservers/%name/fstab ...

HTH,
Herbert



thanks,

JC


Herbert Poetzl wrote:



On Wed, May 18, 2005 at 03:37:26PM -0400, Jean-Christophe Petit wrote:



I tried, but it doesn't seem to work.
My kernel is 2.4.30-vs1.2.10


probably mentioning that at the first posting would
have helped ... as would the tool version ;)

basically the tools 'mount' /tmp for the vserver guest
if you know where and when that happens, you can
fine tune the options ...

best,
Herbert



I'm using the quota patch: serveral vserver on one partition

thanks,
JC

Christian Heim wrote:



On Wednesday 18 May 2005 19:15, Jean-Christophe Petit ( JP )wrote:



how can I restrict the /tmp in a vserver to execute anything ?



You could try to edit /etc/vservers/<vps-name>/fstab by adding the option noexec to the /tmp entry. Don't know if it's supported by vserver or could break things.


_______________________________________________
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver








--
Jean-Christophe Petit
Directeur R&D et DSI
Syspark inc.
T: 1 514 875 8755
F: 1 514 875 8775


_______________________________________________
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Reply via email to