Using /scripts/securetmp to secure /tmp

keddie

Well-Known Member
Nov 17, 2007
50
0
56
When I run this script, I get the following:

[email protected] [~]# /scripts/securetmp
Would you like to secure /tmp & /var/tmp at boot time? (y/n) y
Would you like to secure /tmp & /var/tmp now? (y/n) y
Securing /tmp & /var/tmp
The system does not support loop devices.

Then the script exits without applying any changes.

Has anyone else seen this issue?

Regards,

Al
 

cPanelKenneth

cPanel Development
Staff member
Apr 7, 2006
4,608
77
458
cPanel Access Level
Root Administrator
The problem is clearly stated: your system lacks support for loop devices. This means the loopback file created by securetmp cannot be mounted and used. You'll need to contact your host provider to get this resolved.
 

keddie

Hi Kenneth, thanks for the speedy response.

The system is running on a CentOS VPS, and I have root access.

Could anyone enlighten me on how to enable support for loop devices so that I can run this script?

Is this a common issue when this script is used to secure /tmp?

Regards,

Al
 

cPanelKenneth

If you are using Virtuozzo, I believe this must be done from the host node, rather than inside the guest.
 

keddie

Thanks again for your reply Kenneth.

I am using Virtuozzo and I also have root access to the host node (I have 3 WHM / CentOS VPSs on it).

I have tried googling around and searching other sites for how to enable loop support but I can't seem to find any information on this.

On the node I entered:

modprobe loop

to enable the loop kernel module on the node. lsmod shows the loop module as being loaded. I restarted the VE then reran the script but still the same thing. I'm wondering if there is further configuration required to enable loop on the guest VEs?

I also tried adding:

BINDMOUNT="/tmp,nosuid,noexec,nodev /var/tmp,nosuid,noexec,nodev "

to vz.conf on the node, still no luck securing /tmp.

Really, I'm wondering how other VPS based cPanel admins deal with securing /tmp? Given the large number of Virtuozzo VPSs in use, this issue must crop up a fair bit?

My apologies if this is a little off topic,
 

cPanelKenneth

Hmmm, it may not be possible on Virtuozzo systems. I know we added the loop device detection specifically for VPS environments. From your description I do believe it was for Virtuozzo.
 

keddie

That would make sense.

I'll keep looking and post back if I find a solution.

Al
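
The two things this thread turns on, whether /tmp and /var/tmp carry the nosuid, noexec and nodev options and whether the kernel exposes a loop driver, can be checked from inside the guest with the added example below. It is not part of any post above and is not how /scripts/securetmp performs its own detection; the function names are hypothetical and the sample data is constructed.

```shell
#!/bin/sh
# Added example: audit mount hardening of /tmp and /var/tmp, and loop support.

# Print which of nosuid/noexec/nodev mount point $1 lacks, per the
# /proc/mounts-format file $2. Prints "unmounted" if $1 is not its own mount.
missing_opts() {
    mp=$1; mounts=${2:-/proc/mounts}
    # The last matching line wins: a later mount shadows an earlier one.
    opts=$(awk -v mp="$mp" '$2 == mp { o = $4 } END { print o }' "$mounts")
    [ -n "$opts" ] || { echo "unmounted"; return 0; }
    out=""
    for want in nosuid noexec nodev; do
        case ",$opts," in
            *",$want,"*) ;;
            *) out="$out${out:+ }$want" ;;
        esac
    done
    echo "$out"
}

# Succeed if the "Block devices:" section of a /proc/devices-format file
# lists the loop driver.
has_loop() {
    awk '/^Block devices:/ { blk = 1; next }
         blk && $2 == "loop" { found = 1 }
         END { exit !found }' "${1:-/proc/devices}"
}

audit() {   # $1 = mounts file, $2 = devices file
    for mp in /tmp /var/tmp; do
        m=$(missing_opts "$mp" "$1")
        echo "$mp: ${m:-ok}"
    done
    if has_loop "$2"; then echo "loop: available"; else echo "loop: missing"; fi
}

# Constructed sample data, not taken from a real host.
sample_mounts() { printf '%s\n' \
    '/dev/simfs / simfs rw,relatime 0 0' \
    '/dev/loop0 /tmp ext3 rw,nosuid,noexec,relatime 0 0' \
    '/tmp /var/tmp none rw,nosuid,nodev,noexec,bind 0 0'; }
sample_devices() { printf '%s\n' 'Character devices:' '  1 mem' 'Block devices:' '  8 sd'; }

case "${1:-}" in
    --live) audit /proc/mounts /proc/devices ;;
    --demo) d=$(mktemp -d); sample_mounts >"$d/m"; sample_devices >"$d/d"
            audit "$d/m" "$d/d"; rm -rf "$d" ;;
esac
```

Run it with `--demo` to see the output on the constructed data, or with `--live` to read the system's own /proc/mounts and /proc/devices.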