cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CLOUDSTACK-9551) Pull KVM agent's tmp folder usage within its own folder structure
Date Tue, 25 Oct 2016 05:34:58 GMT

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-9551?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15604268#comment-15604268
] 

ASF GitHub Bot commented on CLOUDSTACK-9551:
--------------------------------------------

GitHub user abhinandanprateek opened a pull request:

    https://github.com/apache/cloudstack/pull/1728

    CLOUDSTACK-9551: Move java tmp dir to cloudstack-agent's path to avoid

    Move java tmp dir to cloudstack-agent's path to avoid noexec on /tmp

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/shapeblue/cloudstack 4.9_9551

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/cloudstack/pull/1728.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #1728
    
----
commit bd85e5b4da0be5177f7fd766641c75dabaf9c45d
Author: Abhinandan Prateek <abhinandan.prateek@shapeblue.com>
Date:   2016-10-20T05:37:52Z

    CLOUDSTACK-9551: Move java tmp dir to cloudstack-agent's path to avoid
    noexec on /tmp

----


> Pull KVM agent's tmp folder usage within its own folder structure
> -----------------------------------------------------------------
>
>                 Key: CLOUDSTACK-9551
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9551
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>    Affects Versions: 4.2.1, 4.7.1, 4.9.1.0
>            Reporter: Abhinandan Prateek
>            Assignee: Abhinandan Prateek
>
> We ran into an issue today where the sysadmins wanted to put /tmp on its own mount and
set the "noexec" mount flag as a security measure. This is incompatible with the CloudStack
KVM agent, because it stores JNA tmp files here and Java is unable to map into these objects.
To get around this we moved the agent's temp dir to live with the agent files, which seems
like a reasonable thing to do regardless of whether you're trying to secure /tmp.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message