I like the idea of making this a flagfile option.<br><br><div class="gmail_quote">On Mon, Jul 2, 2012 at 2:48 AM, Daniel P. Berrange <span dir="ltr"><<a href="mailto:berrange@redhat.com" target="_blank">berrange@redhat.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im">On Sat, Jun 30, 2012 at 09:25:10PM -0400, Lars Kellogg-Stedman wrote:<br>
> > So, maybe setting any of these environment variables for nova-compute<br>
> > to desired value should help.<br>
><br>
> Yeah, I was expecting that.<br>
><br>
> Given that this could easily take out a compute host I'd like to see<br>
> it get an explicit configuration value (or default to instance_dir, I<br>
> guess).<br>
<br>
</div>In Fedora 18, /tmp is going to be a RAM filesystem, so we absolutely<br>
must not create any sizeable files on /tmp.<br>
<br>
In addition from a security POV, we must aim to *never* use /tmp for<br>
anything at all<br>
<br>
  <a href="http://danwalsh.livejournal.com/11467.html" target="_blank">http://danwalsh.livejournal.com/11467.html</a><br>
<br>
It would be good to do a thorough audit of the code to make sure<br>
nothing is using the tmpfile functions without explicitly specifying<br>
a directory path that is private to the OpenStack daemon in question.<br>
<br>
Regards,<br>
Daniel<br>
<span class="HOEnZb"><font color="#888888">--<br>
|: <a href="http://berrange.com" target="_blank">http://berrange.com</a>      -o-    <a href="http://www.flickr.com/photos/dberrange/" target="_blank">http://www.flickr.com/photos/dberrange/</a> :|<br>
|: <a href="http://libvirt.org" target="_blank">http://libvirt.org</a>              -o-             <a href="http://virt-manager.org" target="_blank">http://virt-manager.org</a> :|<br>
|: <a href="http://autobuild.org" target="_blank">http://autobuild.org</a>       -o-         <a href="http://search.cpan.org/%7Edanberr/" target="_blank">http://search.cpan.org/~danberr/</a> :|<br>
|: <a href="http://entangle-photo.org" target="_blank">http://entangle-photo.org</a>       -o-       <a href="http://live.gnome.org/gtk-vnc" target="_blank">http://live.gnome.org/gtk-vnc</a> :|<br>
</font></span><div class="HOEnZb"><div class="h5"><br>
_______________________________________________<br>
Mailing list: <a href="https://launchpad.net/%7Eopenstack" target="_blank">https://launchpad.net/~openstack</a><br>
Post to     : <a href="mailto:openstack@lists.launchpad.net">openstack@lists.launchpad.net</a><br>
Unsubscribe : <a href="https://launchpad.net/%7Eopenstack" target="_blank">https://launchpad.net/~openstack</a><br>
More help   : <a href="https://help.launchpad.net/ListHelp" target="_blank">https://help.launchpad.net/ListHelp</a><br>
</div></div></blockquote></div><br>
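One way to start the audit suggested above, as an added example that is not part of the original thread or of the OpenStack code: a static check that lists every Python `tempfile` call with no explicit `dir=` keyword. The name `find_unpinned_tempfile_calls` is hypothetical and the sample source is constructed for illustration.

```python
import ast

# tempfile functions that create a file or directory and accept dir=
TEMPFILE_FUNCS = {"mkstemp", "mkdtemp", "mktemp", "TemporaryFile",
                  "NamedTemporaryFile", "SpooledTemporaryFile", "TemporaryDirectory"}

def find_unpinned_tempfile_calls(source, filename="<string>"):
    """Return sorted (line, function) pairs for tempfile calls lacking dir=."""
    tree = ast.parse(source, filename)
    module_aliases, func_aliases = set(), {}
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            module_aliases.update(a.asname or a.name for a in node.names
                                  if a.name == "tempfile")
        elif isinstance(node, ast.ImportFrom) and node.module == "tempfile":
            for a in node.names:
                if a.name in TEMPFILE_FUNCS:
                    func_aliases[a.asname or a.name] = a.name
    findings = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        f = node.func
        if (isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name)
                and f.value.id in module_aliases and f.attr in TEMPFILE_FUNCS):
            name = f.attr                      # tempfile.mkstemp(...)
        elif isinstance(f, ast.Name) and f.id in func_aliases:
            name = func_aliases[f.id]          # from tempfile import mkstemp
        else:
            continue
        # Only a keyword dir= other than the literal None counts as explicit;
        # a positional dir is reported as well so that a reviewer checks it.
        pinned = any(kw.arg == "dir" and not (isinstance(kw.value, ast.Constant)
                     and kw.value.value is None) for kw in node.keywords)
        if not pinned:
            findings.append((node.lineno, name))
    return sorted(findings)

# Constructed sample input, not taken from the OpenStack code base.
SAMPLE = '''import tempfile
from tempfile import NamedTemporaryFile as NTF
fd, path = tempfile.mkstemp(suffix=".img")
work = tempfile.mkdtemp(dir=instance_dir)
log = NTF(prefix="nova-")
tmp = tempfile.mkstemp(dir=None)
'''

if __name__ == "__main__":
    for lineno, name in find_unpinned_tempfile_calls(SAMPLE):
        print("line %d: tempfile.%s() without explicit dir=" % (lineno, name))
```

A clean result only shows that a `dir=` keyword is present; whether that directory is private to the daemon still has to be checked by hand.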