similar to: why does automounting removable media always have options nodev, noexec, nosuid?

Does mounting /tmp as noexec,nosuid break anything in CentOS 5? I've been in solaris land forever and a day and this is a pretty standard security measure. I noticed CentOS comes default mounting /tmp with both those options allowed.. I'm getting constant php hack attacks against (mostly script kiddie level stuff right now) my server and will rest much easier with this setting in place..

https://bugzilla.mindrot.org/show_bug.cgi?id=3715 Bug ID: 3715 Summary: safely_chroot is a little too restrictive: noexec or nosuid should be enough Product: Portable OpenSSH Version: 9.8p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I would like to get add a new Wiki entry regarding Automounting with HAL for CentOS 5, since the behaviour is very different than CentOS 4. Main points: - - Making automounting hotpluggable devices work with other WMs - - Overriding the default mount point - - Overriding the default mount options (noexec etc) Small nightmare here to find out how

amd from the amd-920824upl102-6.i386.rpm file distributed with RedHat Linux 4.1 does not honor the nodev option for NFS filesystems and probably other mount types, allowing any user access to the device files in /dev on a system, provided that they have root access to another linux box on the network. In addition, the default amd.conf from RH 4.1 maps /net/* to NFS mounting, which makes the bug in

Hello, I am fixing up a system for someone and they did not make a separate partition for /tmp...but I want to make it noexec, nosuid. I came across a site that said I could skip all the mount/unmount and new partition stuff (which would probably include downsizing a lvm to make room for it)... by adding this in fstab /tmp /tmp bind nosuid,noexec,bind 0 0 and then reboot... There is

Hello, Been try to use autofs to mount and unmount a usb flashdrive. The mount point is /media When the drive is NOT inserted, /media is empty. When Iinsert the drive, I see directories in /media that are on the usb drive but nocontent. So, its kind working. /etc/auto,master: # # Sample auto.master file # This is a 'master' automounter map and it has thefollowing format: #

On 06/10/2013 01:41 PM, pr.G wrote: > On Mon, Jun 10, 2013 at 09:29:32AM +0400, свящ. Георгий Гольцов wrote: >> On Mon, Jun 10, 2013 at 09:07:08AM +0800, Gao feng wrote: >>> On 06/09/2013 08:14 PM, pr.G wrote: >>>> Hello. >>>> >>>> Is it possible to start container via libvirt_lxc without mounting /sys >>>> inside container?

Hello Hendrik Can you help input 2 commands 'mount' and 'df -TPh' on OMV, and post the output to us, thank you. -- Regards, Jones Syue | ??? QNAP Systems, Inc.

Hello Joenes, below you find the output. I did not shorten it by tmpfs and the docker related entries. Are you working on fixing the Issue I described? Regards, Hendrik df -TPh Dateisystem Typ Gr??e Benutzt Verf. Verw%

libvirt-3.0.0 When attemping to create a virtual machine I receive the error "error : Failed to switch root mount into slave mode: Permission denied”. I’m attempting to run qemu/libvirt/virt-manager in an Arch Linux lxc container on a Ubuntu 16.04 host. The host uses zfs for its containers. The arch container is set up as a priveleged container. I do already have kvm/qemu/libvirt working

Hello! How do i get pass this error? offlinehacker:~/ $ virsh --debug 0 -c lxc:/// create o1.xml create: file(optdata): o1.xml error: Failed to create domain from o1.xml error: internal error: No valid cgroup for machine c1 My cgroups seem to be mounted: cgroup on /sys/fs/cgroup/systemd type cgroup

Hi all Each lxc container on node have mounted tmpfs for cgroups tree: [root-inside-lxc@tst1 ~]# mount | grep cgroups cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,cpuacct,cpu) cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset) cgroup on /sys/fs/cgroup/memory type cgroup (rw,nosuid,nodev,noexec,relatime,memory) cgroup on

On Mon, Jun 10, 2013 at 09:07:08AM +0800, Gao feng wrote: > On 06/09/2013 08:14 PM, pr.G wrote: > > Hello. > > > > Is it possible to start container via libvirt_lxc without mounting /sys > > inside container? > > > > When I start container via lxc-start and do not add mount point to config, > > then /sys inside container is empty. > > >

Is still not working Sep 25 13:45:46 ubuntucliente lightdm[702]: (pam_mount.c:365): pam_mount 2.14: entering auth stage Sep 25 13:45:46 ubuntucliente org.gtk.vfs.Daemon[9012]: A connection to the bus can't be made Sep 25 13:45:46 ubuntucliente systemd[1]: Started Session c16 of user prueba3. Sep 25 13:45:46 ubuntucliente lightdm[702]: (pam_mount.c:568): pam_mount 2.14: entering session stage

Error on domain option !! Sep 25 12:04:33 ubuntucliente lightdm[702]: (mount.c:664): Password will be sent to helper as-is. Sep 25 12:04:33 ubuntucliente lightdm[702]: command: 'mount' '-t' 'cifs' '//domain-server2/FS_PRUEBA_3' '/home/prueba3/compartido' '-o' 'username=prueba3,uid=50006,gid=50027,username=prueba3,uid=50006,gid=50027,domain'

This is yet-another reason to _partition_ your disks. Of course hard links do not work accross filesystems. Even thought it is a pain in the neck to do when installing your operating system, think about separating critical system files from non-critical and non-system files from system files. I would say that the following layout is a good place to start: / /usr (nosuid,nodev,ro) /usr/local

Sorry I in the same topic of that, trying to map whit pam_mount, but I still having problems Attach the syslog error. Sep 25 10:00:15 ubuntucliente lightdm[702]: (pam_mount.c:365): pam_mount 2.14: entering auth stage Sep 25 10:00:15 ubuntucliente org.gtk.vfs.Daemon[5287]: A connection to the bus can't be made Sep 25 10:00:15 ubuntucliente systemd[1]: Started Session c10 of user prueba3. Sep

On 25/09/2020 12:55, Robert Wooden wrote: > Thanks Dr, Naumer and Rowland. > > Although still not quite correct, my pam_mount.conf.xml looks like: > root at lws4:~# cat /etc/security/pam_mount.conf.xml > <debug enable="1" /> > <volume fstype="fuse" > server="mbr04.subdom.example.com <http://mbr04.subdom.example.com>" >

Hello I try to implement pam_mount and I have errors. When I login to ubuntu desktop client I have an error with "mounting read-only" but if later to logon on domain I go to the files application and map the resource shares manually, work fine. Attach the syslog trace: Sep 24 10:22:13 ubuntucliente lightdm[708]: (pam_mount.c:365): pam_mount 2.14: entering auth stage Sep 24 10:22:20

Hi, With a non-root user account, I am launching virtual machines and would like to get CPU stats for each Core (using python API or not) but face the following problem: - When I issue the command "virsh --readonly cpu-stats MY_DOMAIN" I got the following error: error: Failed to retrieve CPU statistics for domain 'MY_DOMAIN' error: Requested operation is not valid: cgroup