cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF subversion and git services (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CLOUDSTACK-9551) Pull KVM agent's tmp folder usage within its own folder structure
Date Wed, 02 Nov 2016 17:42:58 GMT

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-9551?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15629779#comment-15629779
] 

ASF subversion and git services commented on CLOUDSTACK-9551:
-------------------------------------------------------------

Commit b75e6958150f76a0c8f9cbfa24301da2d7cd2c6a in cloudstack's branch refs/heads/4.9 from
[~rohit.yadav@shapeblue.com]
[ https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;h=b75e695 ]

Merge pull request #1728 from shapeblue/4.9_9551

CLOUDSTACK-9551: Move java tmp dir to cloudstack-agent's path to avoidMove java tmp dir to
cloudstack-agent's path to avoid noexec on /tmp

* pr/1728:
  CLOUDSTACK-9551: Move java tmp dir to cloudstack-agent's path to avoid noexec on /tmp

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>


> Pull KVM agent's tmp folder usage within its own folder structure
> -----------------------------------------------------------------
>
>                 Key: CLOUDSTACK-9551
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9551
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>    Affects Versions: 4.2.1, 4.7.1, 4.9.1.0
>            Reporter: Abhinandan Prateek
>            Assignee: Abhinandan Prateek
>
> We ran into an issue today where the sysadmins wanted to put /tmp on its own mount and
set the "noexec" mount flag as a security measure. This is incompatible with the CloudStack
KVM agent, because it stores JNA tmp files here and Java is unable to map into these objects.
To get around this we moved the agent's temp dir to live with the agent files, which seems
like a reasonable thing to do regardless of whether you're trying to secure /tmp.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message