Bug #21999

Support compute nodes with /tmp mounted with "noexec" flag

Added by Lucas Di Pentima 10 days ago. Updated 10 days ago.

Status:
New
Priority:
Normal
Assigned To:
-
Category:
Deployment
Story points:
-

Description

One of the advisories from the Center for Internet Security regarding hardening hosts is mounting the /tmp filesystem with noexec. This produces at least a couple of issues with the current way Arvados works in the cloud:

  1. Compute AMI creation fails: The compute image creation base script attempts to execute a program in /tmp
    tools/compute-images/scripts/base.sh:135:  unzip -q /tmp/awscliv2.zip -d /tmp && $SUDO /tmp/aws/install
  2. Arvados dispatch cloud by default copies itself to /tmp when launching a new compute node instance: While this can be fixed by a configuration change, the fix implies that compute node AMIs need to be upgraded to get newer crunch-run versions.
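The first failure above comes from unpacking an installer into /tmp and executing a native binary from it, which a noexec mount denies. The following is an added example written for this ticket, not code from Arvados or from tools/compute-images/scripts/base.sh. It shows a way an image-build script can check whether a scratch directory permits execution and fall back to one that does, then run the installer from there. The function names (mount_opts_noexec, dir_is_noexec, pick_exec_tmpdir, stage_and_run) and the candidate directory order are this example's own choices; the unzip/install command mirrors the base.sh line quoted above, and SUDO is assumed to be set by the caller as in that script.

```shell
#!/bin/sh
# Added example (not Arvados project code): choose a scratch directory from
# which binaries can actually be executed, so an installer that unpacks and
# runs a native binary (like the AWS CLI v2 installer) still works on a host
# whose /tmp is mounted noexec per CIS hardening guidance.
# All function names here are this example's own, not Arvados identifiers.

# Static check: does a comma-separated mount option string carry "noexec"?
# Input is the OPTIONS column of findmnt(1) or the 4th field of /proc/mounts.
mount_opts_noexec() {
  case ",$1," in
    *,noexec,*) return 0 ;;
    *)          return 1 ;;
  esac
}

# Empirical check: can a file created in "$1" be executed? This is what the
# installer actually needs, and it also covers bind mounts and nested mounts
# whose options a static lookup can miss. Returns 0 when execution is denied
# (or the directory is not writable, which makes it equally unusable).
dir_is_noexec() {
  probe="$(mktemp "$1/execprobe.XXXXXX")" || return 0
  printf '#!/bin/sh\nexit 0\n' >"$probe"
  chmod 0700 "$probe"
  if "$probe" 2>/dev/null; then
    rm -f "$probe"
    return 1
  fi
  rm -f "$probe"
  return 0
}

# Print the first candidate directory that is writable and allows execution.
# Order (an assumption of this example): $TMPDIR, /tmp, /var/tmp, $HOME.
# Fails with exit 1 if none qualifies, so callers can abort loudly instead of
# failing later with an opaque "Permission denied" from the installer.
pick_exec_tmpdir() {
  for d in "${TMPDIR:-}" /tmp /var/tmp "${HOME:-}"; do
    [ -n "$d" ] && [ -d "$d" ] && [ -w "$d" ] || continue
    dir_is_noexec "$d" && continue
    printf '%s\n' "$d"
    return 0
  done
  echo "no writable, exec-capable scratch directory found" >&2
  return 1
}

# Replacement for the base.sh one-liner: unpack the archive into a private,
# exec-capable work dir and run the installer from there, then clean up.
# $1 is the path to awscliv2.zip. Not invoked in this file.
stage_and_run() {
  work="$(pick_exec_tmpdir)" || return 1
  work="$(mktemp -d "$work/awscli.XXXXXX")" || return 1
  unzip -q "$1" -d "$work" && ${SUDO:-} "$work/aws/install"
  rc=$?
  rm -rf "$work"
  return $rc
}
```

The empirical probe is deliberately preferred over reading mount options: it answers the question the build actually cares about. Note also the limit of the control being hardened around: noexec stops `"$work/aws/install"` from being executed directly, but it does not stop `sh somefile` from interpreting a script on that mount, so a noexec /tmp is a hardening measure against accidental or opportunistic execution, not a barrier to an attacker who can already run an interpreter. The same directory-selection logic applies to the second issue: whatever directory the dispatcher is configured to copy crunch-run into must also be exec-capable on the compute image.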