Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id BC776200BB3 for ; Wed, 2 Nov 2016 18:44:00 +0100 (CET) Received: by cust-asf.ponee.io (Postfix) id BB357160B0D; Wed, 2 Nov 2016 17:44:00 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 16524160AF0 for ; Wed, 2 Nov 2016 18:43:59 +0100 (CET) Received: (qmail 93112 invoked by uid 500); 2 Nov 2016 17:43:59 -0000 Mailing-List: contact issues-help@cloudstack.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cloudstack.apache.org Delivered-To: mailing list issues@cloudstack.apache.org Received: (qmail 93073 invoked by uid 500); 2 Nov 2016 17:43:59 -0000 Delivered-To: apmail-incubator-cloudstack-issues@incubator.apache.org Received: (qmail 93066 invoked by uid 99); 2 Nov 2016 17:43:59 -0000 Received: from arcas.apache.org (HELO arcas) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 02 Nov 2016 17:43:59 +0000 Received: from arcas.apache.org (localhost [127.0.0.1]) by arcas (Postfix) with ESMTP id D3F9E2C2A67 for ; Wed, 2 Nov 2016 17:43:58 +0000 (UTC) Date: Wed, 2 Nov 2016 17:43:58 +0000 (UTC) From: "ASF subversion and git services (JIRA)" To: cloudstack-issues@incubator.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (CLOUDSTACK-9551) Pull KVM agent's tmp folder usage within its own folder structure MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 archived-at: Wed, 02 Nov 2016 17:44:00 -0000 [ https://issues.apache.org/jira/browse/CLOUDSTACK-9551?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15629782#comment-15629782 ] ASF subversion and git services commented on CLOUDSTACK-9551: ------------------------------------------------------------- Commit bd85e5b4da0be5177f7fd766641c75dabaf9c45d in cloudstack's branch refs/heads/master from [~abhi_shapeblue] [ https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;h=bd85e5b ] CLOUDSTACK-9551: Move java tmp dir to cloudstack-agent's path to avoid noexec on /tmp > Pull KVM agent's tmp folder usage within its own folder structure > ----------------------------------------------------------------- > > Key: CLOUDSTACK-9551 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9551 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the default.) > Affects Versions: 4.2.1, 4.7.1, 4.9.1.0 > Reporter: Abhinandan Prateek > Assignee: Abhinandan Prateek > > We ran into an issue today where the sysadmins wanted to put /tmp on its own mount and set the "noexec" mount flag as a security measure. This is incompatible with the CloudStack KVM agent, because it stores JNA tmp files here and Java is unable to map into these objects. To get around this we moved the agent's temp dir to live with the agent files, which seems like a reasonable thing to do regardless of whether you're trying to secure /tmp. -- This message was sent by Atlassian JIRA (v6.3.4#6332)