Uploaded image for project: 'CloudStack'
  1. CloudStack
  2. CLOUDSTACK-9551

Pull KVM agent's tmp folder usage within its own folder structure

Add voteWatch issue
    XMLWordPrintableJSON

Details

    • Bug
    • Status: Open
    • Major
    • Resolution: Unresolved
    • 4.2.1, 4.7.1, 4.9.1.0
    • None
    • None
    • Security Level: Public (Anyone can view this level - this is the default.)
    • None

    Description

      We ran into an issue today where the sysadmins wanted to put /tmp on its own mount and set the "noexec" mount flag as a security measure. This is incompatible with the CloudStack KVM agent, because it stores JNA tmp files here and Java is unable to map into these objects. To get around this we moved the agent's temp dir to live with the agent files, which seems like a reasonable thing to do regardless of whether you're trying to secure /tmp.

      Attachments

        Issue Links

          Activity

            People

              aprateek Abhinandan Prateek
              aprateek Abhinandan Prateek

              Dates

                Created:
                Updated:

                Slack

                  Issue deployment