On Wed, May 18, 2005 at 09:30:31PM -0400, Jean-Christophe Petit wrote:
> Thanks Herbert,
>
> sorry for the lack of info:
> 2.4.30-vs1.2.10 with Per Context Quota/Disk Limits Addon q0.14
> util-vserver-0.30-1mdk
> vproc-0.01 <vproc-0.01.tar>
>
> I'm using only one partition for all my 10 vps.
>
> /etc/vservers/<vps-name>/fstab looks like:
> /dev/hdv1 / ext3 exec,dev,suid,rw,usrquota,grpquota 0 0
>
> What can I do to have a /tmp with a noexec tag ?

you can modify the 'vserver' script to mount something at
/path/to/vserver/tmp, the 0.30 tools do not mount anything
at /tmp so you'll get what your vserver has to offer there
(i.e. very likely the same as your guest root system)

> I tried to add:
> none /tmp ext3 noexec 0 0
>
> with no success: when I restart the vps, nothing changes.
> I need to do that for security reasons.

with 0.30.20x, the tools will mount a separate /tmp and
you can change the details in the config file
/etc/vservers/%name/fstab ...

HTH,
Herbert

> thanks,
>
> JC
>
>
> Herbert Poetzl wrote:
>
> >On Wed, May 18, 2005 at 03:37:26PM -0400, Jean-Christophe Petit wrote:
> >
> >>I tried, but it doesn't seem to work.
> >>My kernel is 2.4.30-vs1.2.10
> >
> >probably mentioning that at the first posting would
> >have helped ... as would the tool version ;)
> >
> >basically the tools 'mount' /tmp for the vserver guest
> >if you know where and when that happens, you can
> >fine tune the options ...
> >
> >best,
> >Herbert
> >
> >>I'm using the quota patch: several vservers on one partition
> >>
> >>thanks,
> >>JC
> >>
> >>Christian Heim wrote:
> >>
> >>>On Wednesday 18 May 2005 19:15, Jean-Christophe Petit (JP) wrote:
> >>>
> >>>>how can I restrict the /tmp in a vserver to execute anything ?
> >>>>
> >>>You could try to edit /etc/vservers/<vps-name>/fstab by adding the
> >>>option noexec to the /tmp entry. Don't know if it's supported by vserver
> >>>or could break things.

_______________________________________________
Vserver mailing list
http://list.linux-vserver.org/mailman/listinfo/vserver
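
Added example, not part of the original thread or of util-vserver: a check for whether /tmp is actually covered by a noexec mount. When nothing is mounted at /tmp, the path inherits the options of the root filesystem, which is the situation described above for the 0.30 tools. The two mount tables (including the tmpfs line) are constructed samples, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Input on stdin: a mount table in /proc/mounts format
#   device mountpoint fstype options dump pass

# covering_mount PATH: print "mountpoint options" for the mount that covers
# PATH, i.e. the longest mount point that is a path prefix of it. On a tie
# the later line wins, since a later mount shadows an earlier one.
covering_mount() {
    awk -v p="$1" '
        BEGIN { best = -1 }
        {
            mp = $2
            pre = (mp == "/") ? "/" : mp "/"
            if ((p == mp || index(p "/", pre) == 1) && length(mp) >= best) {
                best = length(mp); hit = mp " " $4
            }
        }
        END { if (best < 0) exit 1; print hit }
    '
}

# has_noexec PATH: exit 0 if the covering mount carries noexec, 1 if it
# does not, 2 if no mount covers PATH at all.
has_noexec() {
    m=$(covering_mount "$1") || return 2
    case ",${m#* }," in
        *,noexec,*) return 0 ;;
        *)          return 1 ;;
    esac
}

# Constructed sample: nothing mounted at /tmp, so it shares the root mount.
sample_shared() {
    printf '%s\n' '/dev/hdv1 / ext3 rw,usrquota,grpquota 0 0' \
                  'none /proc proc rw 0 0'
}

# Constructed sample: a separate /tmp mounted with noexec.
sample_separate() {
    sample_shared
    printf '%s\n' 'none /tmp tmpfs rw,nosuid,nodev,noexec 0 0'
}

for t in sample_shared sample_separate; do
    if $t | has_noexec /tmp; then echo "$t: /tmp is noexec"
    else echo "$t: /tmp allows exec"; fi
done
```

On a live system the same check is `has_noexec /tmp < /proc/mounts`, run after the guest has been restarted.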
