When hardening RHEL systems, we often modify /etc/fstab with security flags like:
UUID=7835718b /tmp ext4 nodev,nosuid,noexec 1 2
/tmp /var/tmp none bind 0 0
But testing these configurations becomes painful when you need to:
- Temporarily relax permissions (e.g., allow exec on /tmp for development)
- Test XFS performance parameters like logbufs=8
- Maintain bind mount consistency
Unlike sysctl -p for kernel parameters, mounting lacks a single-command reload. Here's the most efficient approach:
# For non-bind mounts:
mount -o remount /
# For bind mounts (require explicit specification):
mount --bind /tmp /var/tmp
# Full fstab reload (caution with network mounts).
# mount accepts one target per call, so xargs needs -n1:
awk '$1 !~ /^#/ && $2 ~ /^\// {print $2}' /etc/fstab | xargs -r -n1 mount -o remount
1. Bind Mount Challenges:
# This WON'T work:
mount -o remount,exec /var/tmp
# This works:
mount --bind -o remount,exec /tmp /var/tmp
2. SELinux Contexts:
Add -i to ignore contexts during remount if encountering permission errors:
mount -o remount,exec -i /tmp
3. XFS-specific Parameters:
Some options like nobarrier require unmounting first:
umount /vol1
mount UUID=3213123c /vol1 -o noatime,logbufs=8
For frequent testing cycles, save this as remount-fstab.sh:
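#!/bin/bash
# Re-apply the options from /etc/fstab to every listed mount point.
while read -r dev mnt type opts _; do
    # Skip comments and blank lines
    [[ "$dev" =~ ^#|^$ ]] && continue
    # Skip entries without a real mount point (e.g. swap)
    [[ "$mnt" == /* ]] || continue
    if grep -qw "bind" <<< "$opts"; then
        # For bind entries the first fstab field is already the source
        # directory; pass the fstab options so the bind mount keeps them.
        mount --bind -o "remount,$opts" "$dev" "$mnt"
    else
        # With only the mount point given, mount merges in the fstab options
        mount -o remount "$mnt"
    fi
done < /etc/fstab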
When hardening Linux systems (particularly RHEL/CentOS), we often need to test various /etc/fstab mount options like nodev, nosuid, noexec, or XFS-specific parameters. The real pain comes when you need to:
# Current mount shows modified options
$ mount | grep /tmp
/dev/sda3 on /tmp type ext4 (rw,nosuid,nodev,exec)
Notice the exec option sneaking in despite noexec being specified in fstab? Let's fix this properly.
Standard mount -o remount often fails on hardened systems due to:
- SELinux context mismatches
- Bind mount complications
- Negated option conflicts (noexec vs exec)
Example failure:
# Common error you might see
$ mount -o remount /tmp
mount: /tmp not mounted or bad option
For a complete reset to fstab settings:
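# 1. Unmount the target (if possible) and mount it again from fstab
if umount /tmp 2>/dev/null; then
    mount /tmp
else
    # 2. Target is busy: remount in place. With only the mount point
    #    given, mount merges in the options from fstab.
    mount -o remount /tmp
fi
# 3. Verify with proc mounts
grep ' /tmp ' /proc/mounts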
For servers with complex fstab configurations (like the example with bind mounts and XFS):
#!/bin/bash
# Reload all fstab entries except special filesystems and swap
while read -r device mountpoint fstype options _; do
    [[ "$device" =~ ^#|^$ ]] && continue
    [[ "$fstype" =~ (proc|sysfs|devpts|tmpfs|swap) ]] && continue
    echo "Resetting $mountpoint ($device)"
    if umount "$mountpoint" 2>/dev/null; then
        # Unmounted cleanly: mount again using the fstab entry
        mount "$mountpoint"
    else
        # Busy (e.g. /): remount in place; fstab options are merged in
        mount -o remount "$mountpoint"
    fi
done < /etc/fstab
For bind mounts like /var/tmp in the example:
# Must unmount and recreate bind mounts completely
umount /var/tmp
mount --bind /tmp /var/tmp
If remount fails, check SELinux contexts:
# Restore default contexts
restorecon -v /tmp /var/tmp
# Verify contexts on both directories
ls -dZ /tmp /var/tmp
On modern systems with systemd:
# Attempt to reload all mount units
systemctl daemon-reload
systemctl restart local-fs.target
Note: This may still not handle all custom options as expected - verify with mount afterwards.
Always confirm with both:
# Check current effective options
findmnt -o OPTIONS /tmp
# Compare with fstab intent
grep /tmp /etc/fstab
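The comparison above can be scripted for every fstab entry at once. The following is an added example, not part of the original article: a POSIX shell function, hypothetically named fstab_drift, that reports each nodev, nosuid or noexec flag that fstab requests but the live mount table lacks. It assumes the usual whitespace-separated fstab and /proc/mounts layouts.

```shell
#!/bin/sh
# fstab_drift [FSTAB] [MOUNTS]
# Prints one line per hardening flag that FSTAB requests but the live mount
# table lacks. Exit status is 1 when any drift is found, 0 otherwise.
# The body runs in a subshell so its variables do not leak to the caller.
fstab_drift() (
    fstab=${1:-/etc/fstab}
    mounts=${2:-/proc/mounts}
    drift=0
    while read -r dev mnt fstype opts _rest || [ -n "$dev" ]; do
        case $dev in ''|'#'*) continue ;; esac     # blank lines, comments
        case $mnt in /*) ;; *) continue ;; esac    # swap and similar entries
        # The last matching line is the mount currently on top. The path is
        # passed through the environment so awk does not expand \040 escapes.
        live=$(M="$mnt" awk '$2 == ENVIRON["M"] { o = $4 } END { print o }' "$mounts")
        if [ -z "$live" ]; then
            echo "$mnt: in fstab but not mounted"
            drift=1
            continue
        fi
        for flag in nodev nosuid noexec; do
            # Only flags that fstab actually asks for are checked.
            case ",$opts," in *",$flag,"*) ;; *) continue ;; esac
            case ",$live," in
                *",$flag,"*) ;;
                *) echo "$mnt: fstab wants $flag, live options: $live"
                   drift=1 ;;
            esac
        done
    done < "$fstab"
    exit "$drift"
)
```

Run it as root or as an ordinary user with `fstab_drift` (no arguments) after each remount; a non-zero status means at least one mount no longer matches its hardening intent.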