On 03/21/2016 06:58 PM, Simon Choucroun wrote:
Hi Kir,
Sorry to e-mail you, I know that you must be really busy with VZ and
CRIU these days but I am looking for a solution and have looked
everywhere without any concrete answer, maybe you can help.
I am trying to create an internal product that is using ploop as the
device image (much better than loop!)
The issue I am having is that I am trying to mount the ploop image
with noexec,nosuid for enhanced security. When I pass it to the -o
parameter, it is erroring out.
ploop mount -o nosuid,noexec -m /backup/staging /mounts/staging/DiskDescriptor.xml
I also checked the documentation for ploop but unfortunately, there is
no option explanation or example for the -o flag.
Hi Simon,
The value of the -o option is passed directly to the mount() syscall, as
the "data" argument, and it might contain some fs-specific options.
Here's an excerpt from the mount(2) man page:
    The data argument is interpreted by the different file systems.
    Typically it is a string of comma-separated options understood by
    this file system. See mount(8) for details of the options
    available for each filesystem type.
Now, options MS_NOEXEC and MS_NOSUID are not fs-specific but generic.
Unfortunately, currently there's no way to pass those to the ploop command
(although it's relatively easy to add).
A workaround would be to mount ploop as device only, and then use the usual
"mount" command to actually mount the fs. Example:
[root@tpad-ovz1 root.hdd]# ploop mount DiskDescriptor.xml
Opening delta /vz/private/202/root.hdd/root.hdd
Adding delta dev=/dev/ploop32746 img=/vz/private/202/root.hdd/root.hdd (rw)
[root@tpad-ovz1 root.hdd]# mount -o noexec,nosuid /dev/ploop32746p1 mnt
As you can see, you need to figure out the ploop device (and add p1 to
it for a partition).
You can figure it out by e.g. parsing the output of "ploop mount" or
"ploop list".
Let me know if you have any more questions, and I am Ccing users@ list
as there might be some people who are also interested in that.
Kir.
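
The workaround from the reply above as a script: an added example, not part of the original e-mail or of ploop itself. The function names are hypothetical; it assumes the filesystem sits on the first partition (p1) and that the mount point is given as an absolute path, as it appears in /proc/mounts.

```sh
#!/bin/sh
# Added example: attach a ploop image as a device only, mount its first
# partition with noexec,nosuid, and verify the flags really took effect.

# Read "ploop mount" output on stdin and print the device named in the
# "Adding delta dev=/dev/ploopNNN img=..." line (last such line wins).
ploop_dev_from_output() {
    sed -n 's|^Adding delta dev=\(/dev/ploop[0-9][0-9]*\) .*|\1|p' | tail -n 1
}

# Succeed only if mount point $1 carries both noexec and nosuid.
# $2 is the mounts table to read (defaults to /proc/mounts).
# Exit status: 0 = both flags set, 1 = a flag is missing, 2 = not mounted.
has_noexec_nosuid() {
    awk -v mp="$1" '
        $2 == mp { opts = $4; found = 1 }   # later entries shadow earlier ones
        END {
            if (!found) exit 2
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++) {
                if (o[i] == "noexec") e = 1
                if (o[i] == "nosuid") s = 1
            }
            exit (e && s) ? 0 : 1
        }' "${2:-/proc/mounts}"
}

# mount_hardened DiskDescriptor.xml /absolute/mount/point
mount_hardened() {
    out=$(ploop mount "$1") || return 1
    dev=$(printf '%s\n' "$out" | ploop_dev_from_output)
    if [ -z "$dev" ]; then
        echo "could not find ploop device in: $out" >&2
        return 1
    fi
    if ! mount -o noexec,nosuid "${dev}p1" "$2"; then
        ploop umount "$1"          # do not leave the device attached
        return 1
    fi
    has_noexec_nosuid "$2"         # fail loudly if the flags are absent
}

# Only act when called with both arguments (needs root and ploop).
if [ "$#" -eq 2 ]; then
    mount_hardened "$1" "$2"
fi
```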
_______________________________________________
Users mailing list
https://lists.openvz.org/mailman/listinfo/users