Closed itilitymaarten closed 5 years ago
@itilitymaarten 👋 you're spot on with how the agent works!
Looking into the code a bit, we use Golangs os.TempDir()
to figure out which path to put files in (docs here: https://golang.org/pkg/os/#TempDir)
The docs suggest that you can override the TMPDIR
environment variable with a new path. If you do that, I believe all the files will be written to that new location, instead of /tmp
.
Will close the issue for now - let me know if that doesn't work!
Don't know if this is the best way to handle it, but I added Environment=TMPDIR=/var/lib/buildkite-agent/tmp
to /usr/lib/systemd/system/buildkite-agent.service
.
Thanks for the workaround but ideally buildkite should not be executing files from /tmp by default. Could you default to the above that @regner did?
CIS compliance disables exec on /tmp for us, and it is a fairly sensible thing to do anyway.
If I understand the agent correctly, it creates a file in the /tmp folder in which it writes the commands that my pipeline needs. It then executes that file to run your actual pipeline.
I am currently trying to set up the agent on a system where /tmp is mounted with
noexec
, which means that I get a permission denied error when buildkite tries to run my pipeline. I'm not sure yet whether I can get this restriction removed, so I'm just exploring all my options.Is there a way that I can change this location of where the "commands file" is created? Or maybe change the temporary directory used by the entire agent all together?