Closed syuu1228 closed 5 months ago
Note that the reason this PR does not use tmpfs for /var/tmp is that applications may expect temporary files in /var/tmp to be preserved between reboots (reference: https://en.wikipedia.org/wiki/Filesystem_Hierarchy_Standard).
And this is part of: https://github.com/scylladb/scylla-pkg/issues/2953, since the CIS compliance rules say the /tmp and /var/tmp mount options should be noexec, nodev, nosuid.
BTW, the issue was opened against the enterprise version; should we move this to enterprise? Or is it fine to merge into the OSS version?
Need to move this to scylla-enterprise-machine-image, closing.
Mount separate /tmp and /var/tmp partitions with the noexec, nodev, nosuid options applied.
For /tmp it will use tmpfs. For /var/tmp, since it's difficult to add a separate partition on machine-image, it will add a 1GB loopback image at /vartmpfile, just like /swapfile. To set up the file, added scylla_var_tmp_setup, which is a modified version of scylla_swap_setup.
This will apply the following CIS compliance rules:
Fixes scylladb/scylla-enterprise-machine-image#69 Related https://github.com/scylladb/scylla-pkg/issues/2953
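
One way to verify the result of the change described above is to audit the mount table for the three options on both mount points. This is an added example, not code from this PR or from the Scylla repositories; the function names `missing_opts`, `audit_tmp_mounts` and `sample_mounts` are hypothetical, and the sample mount table is constructed.

```shell
#!/bin/sh
# Added example: audit /tmp and /var/tmp for the noexec, nodev, nosuid options.
REQUIRED_OPTS="noexec nodev nosuid"

# missing_opts MOUNTS_FILE MOUNTPOINT
# Prints "not-mounted" if MOUNTPOINT is not its own mount, otherwise the
# required options absent from its option list (empty output = compliant).
# The last matching line wins, since a later mount shadows an earlier one.
missing_opts() {
    awk -v mp="$2" -v req="$REQUIRED_OPTS" '
        $2 == mp { opts = $4; found = 1 }
        END {
            if (!found) { print "not-mounted"; exit }
            n = split(opts, have, ",")
            for (i = 1; i <= n; i++) set[have[i]] = 1
            m = split(req, want, " ")
            out = ""
            for (i = 1; i <= m; i++)
                if (!(want[i] in set)) out = out (out == "" ? "" : " ") want[i]
            print out
        }' "$1"
}

# audit_tmp_mounts MOUNTS_FILE
# Returns 0 only when both mount points carry every required option.
audit_tmp_mounts() {
    rc=0
    for mp in /tmp /var/tmp; do
        miss=$(missing_opts "$1" "$mp")
        if [ -n "$miss" ]; then echo "FAIL $mp: $miss"; rc=1
        else echo "PASS $mp"; fi
    done
    return $rc
}

# Constructed sample in /proc/mounts format (not taken from a real host):
# /tmp is compliant, /var/tmp on a loop device lacks noexec and nodev.
sample_mounts() {
    cat <<'EOF'
/dev/root / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec,relatime 0 0
/dev/loop0 /var/tmp ext4 rw,nosuid,relatime 0 0
EOF
}

# Demo on the constructed sample; on a live host: audit_tmp_mounts /proc/mounts
f=$(mktemp); sample_mounts > "$f"; audit_tmp_mounts "$f" || true; rm -f "$f"
```

A mount point reported as `not-mounted` means the directory lives on its parent filesystem, so the options cannot be set for it independently.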