Hello,
There should be no side effects.
/dev/shm not mounted noexec
-
Is there anything in the CL internals that would be negatively affected if we mounted it noexec in /etc/cagefs/cagefs.mp? I guess not, just wanted to make sure?
-
Hello,
In my test environment /dev/shm is not mounted with noexec either:
# mount |grep shm
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev)
tmpfs on /usr/share/cagefs-skeleton/dev/shm type tmpfs (rw,nosuid,relatime)
Did you try to mount /dev/shm in the real file system with noexec first?
-
/dev/shm not mounted noexec
Is there a reason /dev/shm isn't mounted noexec by /etc/cagefs/cagefs.mp?
The user is in CageFS, though:
22720 *username obfuscated*  20   0 2451856  58620   1104 S 100.3  0.1   0:19.28 md
[root@*host obfuscated* ~]# crontab -l -u *username obfuscated*
* * * * * /dev/shm/.z/upd >/dev/null 2>&1
[root@*host obfuscated* ~]# ls -al /dev/shm/.z
total 4164
drwxr-xr-x 2 *username obfuscated* *username obfuscated*    260 Dec  6 19:27 .
drwxrwxrwt 3 root     root          60 Dec  6 19:27 ..
-rwxr-xr-x 1 *username obfuscated* *username obfuscated*     329 Dec  6 16:58 a
-rw-r--r-- 1 *username obfuscated* *username obfuscated*       6 Dec  7 07:26 bash.pid
-rw-r--r-- 1 *username obfuscated* *username obfuscated*      42 Dec  6 19:27 cron.d
-rw-r--r-- 1 *username obfuscated* *username obfuscated*      12 Dec  6 19:27 dir.dir
-rwxr-xr-x 1 *username obfuscated* *username obfuscated*   15125 Dec  6 16:58 h32
-rwxr-xr-x 1 *username obfuscated* *username obfuscated*  838583 Dec  6 16:58 h64
-rwxr-xr-x 1 *username obfuscated* *username obfuscated* 2979640 Dec  6 16:58 md
-rwxr-xr-x 1 *username obfuscated* *username obfuscated*  227220 Dec  6 16:58 md32
-rwxr-xr-x 1 *username obfuscated* *username obfuscated*  168896 Dec  6 16:58 mdx
-rwxr-xr-x 1 *username obfuscated* *username obfuscated*     564 Dec  6 19:02 run
-rwxr--r-- 1 *username obfuscated* *username obfuscated*     182 Dec  6 19:27 upd
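An added example, not part of the original thread and not CloudLinux code: a Python check that parses `mount` output for tmpfs mounts lacking noexec and flags crontab entries that run from them. The sample input is constructed from the output quoted in the thread, and the function names are hypothetical.

```python
import re

# Constructed sample input, modelled on the `mount` and `crontab -l` output quoted in the thread.
SAMPLE_MOUNTS = """\
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev)
tmpfs on /usr/share/cagefs-skeleton/dev/shm type tmpfs (rw,nosuid,relatime)
tmpfs on /run type tmpfs (rw,nosuid,nodev,noexec,relatime)
"""
SAMPLE_CRONTAB = """\
# constructed entries
* * * * * /dev/shm/.z/upd >/dev/null 2>&1
0 3 * * * /usr/bin/php /home/user/cron.php
"""

MOUNT_RE = re.compile(r"^(\S+) on (\S+) type (\S+) \(([^)]*)\)$")

def exec_allowed_tmpfs(mount_output):
    """Return mount points of tmpfs filesystems that lack the noexec option."""
    found = []
    for line in mount_output.splitlines():
        m = MOUNT_RE.match(line.strip())
        if m and m.group(3) == "tmpfs" and "noexec" not in m.group(4).split(","):
            found.append(m.group(2))
    return found

def cron_commands(crontab_text):
    """Yield the command part of each crontab entry (five-field or @keyword form)."""
    for line in crontab_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1 if line.startswith("@") else 5)
        if len(fields) == (2 if line.startswith("@") else 6):
            yield fields[-1]

def cron_jobs_on_exec_tmpfs(crontab_text, mount_output):
    """Return cron commands that reference a path under an exec-allowed tmpfs."""
    mounts = exec_allowed_tmpfs(mount_output)
    hits = []
    for cmd in cron_commands(crontab_text):
        for token in cmd.split():
            if any(token == mp or token.startswith(mp + "/") for mp in mounts):
                hits.append(cmd)
                break
    return hits

if __name__ == "__main__":
    print(exec_allowed_tmpfs(SAMPLE_MOUNTS))
    print(cron_jobs_on_exec_tmpfs(SAMPLE_CRONTAB, SAMPLE_MOUNTS))
```

noexec only blocks direct execution of files on the mount; a script handed to an interpreter as an argument still runs, so the crontab check stays useful after remounting.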