similar to: Mounting /tmp nosuid,noexec

i'm experimenting with some basic removable media mounting exercises for an upcoming class, and i read that, while you can use gconf-editor to change some of the mount options in cases like that, there is no way to override the mount options of nodev, noexec and nosuid. for example, that claim is made here (admittedly for fedora, but it appears to be true for centos as well):

Hello, I am fixing up a system for someone and they did not make a separate partition for /tmp...but I want to make it noexec, nosuid. I came across a site that said I could skip all the mount/unmount and new partition stuff (which would probably include downsizing a lvm to make room for it)... by adding this in fstab /tmp /tmp bind nosuid,noexec,bind 0 0 and then reboot... There is

Not sure if this is a bug or a feature, but it seems like potential security risk: I have a ufs fs mounted rw+nosuid, then I needed to downgrade it to ro, so I executed mount -u -r on it - imagine my surpise when I found that nosuid flag was removed as well. I know I could have used mount -u -r -o nosuid, but the present behavior seems to be non-obvious (update one flag, orthogonal flags dropped

I noticed after my install that the tmp directory was A- not a sticky B- still executable I went and changed etc/fstab to add loop,noexec,nosuid,rw, which I hope is the right thing to do. I rebooted and it looks like it worked. When doing an ls -l on the main directory, the tmp folder lit up all green in putty (cool, I hope) But the chmods I did with winscp will not take effect (they do on

Hello, I've been playing a bit with the "noexec" flag for filesystems. It can represent a substantial obstacle against the exploitation of security holes. However, I think it's not perfect yet. First thing, an attempt to execute a program from a noexec-mounted filesystem should be logged. It is either a very significant security event, or it can drive nuts an

On 06/10/2013 01:41 PM, pr.G wrote: > On Mon, Jun 10, 2013 at 09:29:32AM +0400, свящ. Георгий Гольцов wrote: >> On Mon, Jun 10, 2013 at 09:07:08AM +0800, Gao feng wrote: >>> On 06/09/2013 08:14 PM, pr.G wrote: >>>> Hello. >>>> >>>> Is it possible to start container via libvirt_lxc without mounting /sys >>>> inside container?

Hello Hendrik Can you help input 2 commands 'mount' and 'df -TPh' on OMV, and post the output to us, thank you. -- Regards, Jones Syue | ??? QNAP Systems, Inc.

Hello! How do i get pass this error? offlinehacker:~/ $ virsh --debug 0 -c lxc:/// create o1.xml create: file(optdata): o1.xml error: Failed to create domain from o1.xml error: internal error: No valid cgroup for machine c1 My cgroups seem to be mounted: cgroup on /sys/fs/cgroup/systemd type cgroup

On Mon, Jun 10, 2013 at 09:07:08AM +0800, Gao feng wrote: > On 06/09/2013 08:14 PM, pr.G wrote: > > Hello. > > > > Is it possible to start container via libvirt_lxc without mounting /sys > > inside container? > > > > When I start container via lxc-start and do not add mount point to config, > > then /sys inside container is empty. > > >

Hi all Each lxc container on node have mounted tmpfs for cgroups tree: [root-inside-lxc@tst1 ~]# mount | grep cgroups cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,cpuacct,cpu) cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset) cgroup on /sys/fs/cgroup/memory type cgroup (rw,nosuid,nodev,noexec,relatime,memory) cgroup on

"to memory" means: mounting a ~2 GByte filesystem [ tmpfs?, or ramfs? ], and put the "/tmp" on it. [ e.g.: 4 GByte ram in the pc ]. what to write in the "/etc/fstab"? I would like to collect the [ answers too:P ]: Advantages: - Memory is way faster then HDD/SSD, so it could speed things up - "SSD amortization" is less Disadvantages: - Security?

Error on domain option !! Sep 25 12:04:33 ubuntucliente lightdm[702]: (mount.c:664): Password will be sent to helper as-is. Sep 25 12:04:33 ubuntucliente lightdm[702]: command: 'mount' '-t' 'cifs' '//domain-server2/FS_PRUEBA_3' '/home/prueba3/compartido' '-o' 'username=prueba3,uid=50006,gid=50027,username=prueba3,uid=50006,gid=50027,domain'

On 25/09/2020 12:55, Robert Wooden wrote: > Thanks Dr, Naumer and Rowland. > > Although still not quite correct, my pam_mount.conf.xml looks like: > root at lws4:~# cat /etc/security/pam_mount.conf.xml > <debug enable="1" /> > <volume fstype="fuse" > server="mbr04.subdom.example.com <http://mbr04.subdom.example.com>" >

Hi Samba List, I am finding a strange problem between a mount samba directory. Any clues why this is happening? The server side is WD MyBook World Edition II and the export directory is: /shares/internal/Music/ on the client site I am mounting the directory to /mnt/mybook-music the client is an ubuntu server $ uname -a Linux tsunami 2.6.24-22-generic #1 SMP Mon Nov 24 18:32:42 UTC 2008

This is yet-another reason to _partition_ your disks. Of course hard links do not work accross filesystems. Even thought it is a pain in the neck to do when installing your operating system, think about separating critical system files from non-critical and non-system files from system files. I would say that the following layout is a good place to start: / /usr (nosuid,nodev,ro) /usr/local

I have a laptop that has no CDROM, so I have to use an ISO. Anyway, I use to be able to mount the ISO at /media/cdrom and wine would recognize it as a cdrom. Now, when I try the same thing it doesn't recognize it as a cdrom. I have added /media/cdrom as a cdrom in winecfg, but still no luck. Can someone help me out, because this is the only thing preventing me from using my program (damn DRM).

On 12/31/2015 10:34 AM, Rowland penny wrote: > On 31/12/15 15:27, James wrote: >> On 12/31/2015 10:10 AM, Rowland penny wrote: >>> On 31/12/15 14:43, James wrote: >>>> On 12/30/2015 4:14 PM, Rowland penny wrote: >>>>> ./configure --prefix=/usr --mandir=/usr/share/man >>>>> --infodir=/usr/share/info --sysconfdir=/etc/bind

Hi! I am using xen-tools version: 3.9-4 to create domUs: 1. time xen-create-image --verbose --dist=lenny --install-source=/mnt/xen-file-images/lenny-64-template-debootstrap-30Jun09-fix2.tar --hostname dummy --ip xxx.xxx.xxx.xxx --force 2. xm create dummy.cfg Then I get the message Device /dev/vg0/dummy-disk is mounted in the privileged domain, and so cannot be mounted by a guest. 3. When I

On Thu, Jun 06, 2013 at 06:26:23PM +0200, Matteo Bernardini wrote: > On 05/22/2013 11:01 AM, Matteo Bernardini wrote: > > Hi, > > > > I've got a small problem using libvirt-1.0.5.1 (with the latest patch in > > the v1.0.5-maint branch on git added). > > I'm using slackware64-14.0 but the situation is exactly the same described > > on a debian bug

On 24/09/2020 14:57, L.P.H. van Belle wrote: > Kerberos does that fine with ip only you must have a PTR record to the hostname. ;-) > And this only works if people didnt set rdns=no in krb5.conf > Kerberos does not work with ipaddresses, when did you last see an ipaddress in a keytab, UPN or SPN ?? Rowland