Bug #21999

closed

Support compute nodes with /tmp mounted with "noexec" flag

Added by Lucas Di Pentima 4 months ago. Updated 17 days ago.

Status: Resolved
Priority: Normal
Assigned To:
Category: Deployment
Story points: -
Release:
Release relationship: Auto

Description

One of the advisories from the Center for Internet Security regarding hardening hosts is mounting the /tmp filesystem with noexec. This produces the following issue when creating a compute node image:

Compute AMI creation fails: The compute image creation base script attempts to execute a program in /tmp

tools/compute-images/scripts/base.sh:135:  unzip -q /tmp/awscliv2.zip -d /tmp && $SUDO /tmp/aws/install
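
The check below is an added example, not code from the Arvados repository or from this ticket: it reads a mount table in /proc/self/mounts format, finds the mount containing a path by longest-prefix match, and picks the first candidate directory that is not mounted noexec. The sample mount table and the /opt/staging path are constructed for illustration.

```shell
#!/bin/sh
# Added example: pick a staging directory whose filesystem allows execution.

# mount_opts_for PATH [MOUNTS_FILE]: print the options of the mount holding PATH.
mount_opts_for() {
    awk -v p="$1" '
        {
            mp = $2
            # mp contains p if it is "/", equals p, or is a directory prefix of p
            if (mp == "/" || p == mp || index(p, mp "/") == 1) {
                # ">=" lets a later mount on the same point shadow an earlier one
                if (length(mp) >= best) { best = length(mp); opts = $4 }
            }
        }
        END { print opts }
    ' "${2:-/proc/self/mounts}"
}

# is_noexec PATH [MOUNTS_FILE]: succeed if PATH lives on a noexec mount.
is_noexec() {
    case ",$(mount_opts_for "$1" "${2:-/proc/self/mounts}")," in
        *,noexec,*) return 0 ;;
        *) return 1 ;;
    esac
}

# pick_exec_dir MOUNTS_FILE DIR...: print the first DIR not mounted noexec.
pick_exec_dir() {
    mounts=$1; shift
    for d in "$@"; do
        if ! is_noexec "$d" "$mounts"; then
            printf '%s\n' "$d"
            return 0
        fi
    done
    return 1
}

# Constructed mount table (not from a real host): /tmp and /var/tmp hardened.
SAMPLE_MOUNTS=$(mktemp)
cat > "$SAMPLE_MOUNTS" <<'EOF'
/dev/root / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0
/dev/sdb1 /var/tmp ext4 rw,nosuid,nodev,noexec 0 0
EOF

# /opt/staging is a hypothetical alternative staging directory.
echo "staging dir: $(pick_exec_dir "$SAMPLE_MOUNTS" /tmp /var/tmp /opt/staging)"
```

Called without a mounts file, `is_noexec` reads the live table from /proc/self/mounts, so an install script can test its unpack directory before trying to run anything from it.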


Subtasks 1 (0 open, 1 closed)

Task #22118: Review 21999-packer-fixes (Resolved, Lucas Di Pentima, 10/10/2024)

Related issues

Related to Arvados - Feature #22029: arvados-dispatch-cloud option to use a different directory than /tmp for staging the crunch-run binary (Resolved, Tom Clegg)
Blocked by Arvados - Support #22030: Have a testing environment where /tmp is noexec (Resolved, Lucas Di Pentima)