/tmp mount for each VE on the node

The idea is to create a separate file containing a filesystem that holds the /tmp directories of all VPS hostings (VEs), and to mount that file as a loop device with the noexec,nosuid options.

It can be done as follows:

1) Create a special file, create a filesystem inside it, and mount it:

# dd if=/dev/zero of=/vz/tmpVE bs=1k count=2000000
# losetup /dev/loop0 /vz/tmpVE
# mkfs.ext2 /dev/loop0
# mkdir /vz/tmpVEs
# mount /dev/loop0 /vz/tmpVEs -o noexec,nosuid,nodev,rw

2) Add the following lines into /etc/sysconfig/vz-scripts/dists/scripts/postcreate.sh:

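function vztmpsetup()
{
    # The VE ID is the last path component of the VE root
    VEID=`basename "$VE_ROOT"`

    # Install the per-VE mount/umount scripts from the templates
    cp /etc/sysconfig/vz-scripts/new.mount "/etc/sysconfig/vz-scripts/$VEID.mount"
    cp /etc/sysconfig/vz-scripts/new.umount "/etc/sysconfig/vz-scripts/$VEID.umount"

    # Clear leftovers from an earlier VE with the same ID;
    # the guard keeps rm -rf from running with an empty VEID
    if [ "$VEID" != "" ]; then
        [ -d "/vz/tmpVEs/$VEID" ] && rm -rf "/vz/tmpVEs/$VEID"/*
    fi

    # Both scripts must be executable
    chmod 755 "/etc/sysconfig/vz-scripts/$VEID.mount" \
        "/etc/sysconfig/vz-scripts/$VEID.umount"
}

vztmpsetup

exit 0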

3) Create “/etc/sysconfig/vz-scripts/new.mount”:

#!/bin/bash
#
# if one of these files does not exist then something is really broken
[ -f /etc/sysconfig/vz ] || exit 1
[ -f "$VE_CONFFILE" ] || exit 1
[ -f "/etc/sysconfig/vz-scripts/$VEID.conf" ] || exit 1
# Source configuration files to access $VE_ROOT
. /etc/sysconfig/vz
. "$VE_CONFFILE"
# Create the per-VE directory on the noexec,nosuid,nodev filesystem if needed
[ -e "/vz/tmpVEs/$VEID" ] || mkdir "/vz/tmpVEs/$VEID"
# Bind-mount it over the VE's /tmp
mount --bind "/vz/tmpVEs/$VEID" "$VE_ROOT/tmp"

4) Create “/etc/sysconfig/vz-scripts/new.umount”:

#!/bin/bash
# if one of these files does not exist then something is really broken
[ -f /etc/sysconfig/vz ] || exit 1
[ -f "$VE_CONFFILE" ] || exit 1
# Source configuration files to access $VE_ROOT
. /etc/sysconfig/vz
. "$VE_CONFFILE"
# Unmount shared directory
if grep "/vz/root/$VEID/tmp" /proc/mounts >/dev/null; then
    umount "$VE_ROOT/tmp"
fi

5) Add the following lines into “/etc/rc.sysinit”:

losetup /dev/loop0 /vz/tmpVE
mount /dev/loop0 /vz/tmpVEs -o noexec,nosuid,nodev,rw
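
An added check for the result of steps 1 to 5 (example code written for this page, not part of the original post): it reads mount entries in /proc/mounts format and reports the shared store /vz/tmpVEs or any VE /tmp bind mount that lacks noexec, nosuid or nodev. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the mount options of /vz/tmpVEs and of each
# /vz/root/<VEID>/tmp bind mount (paths taken from the steps above).

REQUIRED="noexec nosuid nodev"

# missing_opts "<comma-separated options>"
# Prints the required options that are absent, comma-separated.
missing_opts() {
    out=""
    for want in $REQUIRED; do
        case ",$1," in
            *",$want,"*) ;;                       # option present
            *) out="$out${out:+,}$want" ;;        # option missing
        esac
    done
    printf '%s' "$out"
}

# audit_tmp_mounts: reads /proc/mounts-format lines on stdin, prints
# "<mountpoint> missing:<opts>" for each weak mount, returns 1 if any.
audit_tmp_mounts() {
    rc=0
    while read -r dev mnt fstype opts rest; do
        case "$mnt" in
            /vz/tmpVEs|/vz/root/*/tmp) ;;         # store or a tmp dir below a VE root
            *) continue ;;
        esac
        miss=$(missing_opts "$opts")
        if [ -n "$miss" ]; then
            printf '%s missing:%s\n' "$mnt" "$miss"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample in /proc/mounts format; VE 102 lost noexec and nosuid.
sample_mounts() {
cat <<'EOF'
/dev/sda1 / ext3 rw 0 0
/dev/loop0 /vz/tmpVEs ext2 rw,nosuid,nodev,noexec 0 0
/dev/loop0 /vz/root/101/tmp ext2 rw,nosuid,nodev,noexec 0 0
/dev/loop0 /vz/root/102/tmp ext2 rw,nodev 0 0
EOF
}

# Demo on the sample; on a node run: audit_tmp_mounts < /proc/mounts
sample_mounts | audit_tmp_mounts || echo "weak /tmp mounts found"
```

A running VE with no /vz/root/<VEID>/tmp entry at all is not reported, so compare the output against the list of running VEs.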
