[systemd] Use a private /tmp directory #112372

Merged: 4 commits, Oct 1, 2021

jbudz (Member) commented Sep 16, 2021

This creates an isolated tmp directory for the kibana service. Reads
and writes to /tmp will end up in /tmp/systemd-private-*-kibana.service-*/tmp,
isolated to the current process.

Reference: https://www.freedesktop.org/software/systemd/man/systemd.exec.html#PrivateTmp=

In practice, after #112198 I believe the only remaining use of os.tmpdir() in production is by the legacy log rotation feature.

I tested access by setting:

logging.rotate:
  enabled: true
  usePolling: true
logging.dest: /var/log/kibana/kibana.log

I tailed logs until setup was done and there were no errors:

{"type":"log","@timestamp":"2021-09-15T21:33:44-05:00","tags":["warning","logging:rotate"],"pid":159674,"message":"Looks like your current environment support a faster algorithm than polling. You can try to disable `usePolling`"}

@jbudz added the Team:Operations, v8.0.0 and release_note:skip labels Sep 16, 2021
@jbudz jbudz requested a review from a team as a code owner September 16, 2021 02:38
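
A check a reviewer could run against a packaged unit file and its drop-ins to confirm that the PrivateTmp= setting described in this PR is the one that takes effect. This is an added example, not code from the PR; the function names `private_tmp_setting` and `write_samples` and the sample unit text are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the PR): report the effective PrivateTmp= value
# from a unit file plus drop-ins. For a non-list setting the last
# assignment wins, so a later drop-in can silently undo the hardening.

# Usage: private_tmp_setting MAIN_UNIT [DROPIN...]
# Prints one of: yes | no | unset | other:<value>
private_tmp_setting() {
    awk '
        FNR == 1 { in_service = 0 }            # each file starts outside any section
        /^[ \t]*[#;]/ { next }                 # comment lines
        /^[ \t]*\[/ {                          # section header
            sec = $0
            gsub(/^[ \t]+|[ \t\r]+$/, "", sec)
            in_service = (sec == "[Service]")
            next
        }
        in_service && /^[ \t]*PrivateTmp[ \t]*=/ {
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val)      # drop key, "=" and leading blanks
            sub(/[ \t\r]+$/, "", val)          # drop trailing blanks
            last = tolower(val); seen = 1
        }
        END {
            if (!seen)                             print "unset"
            else if (last ~ /^(1|yes|true|on)$/)   print "yes"
            else if (last ~ /^(0|no|false|off)$/)  print "no"
            else                                   print "other:" last
        }
    ' "$@"
}

# Constructed sample files (not the project's real unit): a unit that enables
# PrivateTmp and a local drop-in that turns it back off.
write_samples() {
    printf '%s\n' '[Unit]' 'Description=constructed sample' '' \
        '[Service]' 'ExecStart=/bin/true' 'PrivateTmp=true' > "$1/sample.service"
    printf '%s\n' '[Service]' '# local override' 'PrivateTmp = no' > "$1/override.conf"
}

dir=$(mktemp -d) && write_samples "$dir"
echo "unit only:    $(private_tmp_setting "$dir/sample.service")"
echo "with drop-in: $(private_tmp_setting "$dir/sample.service" "$dir/override.conf")"
rm -rf "$dir"
```

On a running host, `systemctl show -p PrivateTmp kibana.service` reports the value systemd actually loaded for the service named in this PR.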
@elasticmachine
Contributor

Pinging @elastic/kibana-operations (Team:Operations)

@jbudz
Member Author

jbudz commented Sep 20, 2021

@elasticmachine merge upstream

@jbudz
Member Author

jbudz commented Sep 27, 2021

@elasticmachine merge upstream

@tylersmalley
Contributor

@elasticmachine merge upstream

@kibanamachine
Contributor

💚 Build Succeeded

Metrics [docs]

✅ unchanged

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@jbudz jbudz merged commit 8928a1e into elastic:master Oct 1, 2021
@jbudz jbudz deleted the systemd/privatetmp branch October 1, 2021 14:18
@jbudz jbudz added the backport:skip This commit does not require backporting label Oct 1, 2021