Put "commands file" in other directory than /tmp

[itilitymaarten]

If I understand the agent correctly, it creates a file in the /tmp folder in which it writes the commands that my pipeline needs. It then executes that file to run your actual pipeline.

I am currently trying to set up the agent on a system where /tmp is mounted with noexec, which means that I get a permission denied error when buildkite tries to run my pipeline. I'm not sure yet whether I can get this restriction removed, so I'm just exploring all my options.

Is there a way that I can change this location of where the "commands file" is created? Or maybe change the temporary directory used by the entire agent all together?

[keithpitt]

@itilitymaarten 👋 you're spot on with how the agent works!

Looking into the code a bit, we use Golangs os.TempDir() to figure out which path to put files in (docs here: https://golang.org/pkg/os/#TempDir)

The docs suggest that you can override the TMPDIR environment variable with a new path. If you do that, I believe all the files will be written to that new location, instead of /tmp.

Will close the issue for now - let me know if that doesn't work!

[regner]

Don't know if this is the best way to handle it, but I added Environment=TMPDIR=/var/lib/buildkite-agent/tmp to /usr/lib/systemd/system/buildkite-agent.service.

[ghost]

Thanks for the workaround but ideally buildkite should not be executing files from /tmp by default. Could you default to the above that @regner did?

CIS compliance disables exec on /tmp for us, and it is a fairly sensible thing to do anyway.