Execute salt remote commands with /tmp and /var/tmp mounted with "noexec"
This document (7023646) is provided subject to the disclaimer at the end of this document.
SUSE Manager 3.1
SUSE Manager 4.0
SUSE Manager 4.1
SUSE Manager 4.2
SUSE Manager 4.3
SUSE Linux Enterprise Server 11 Service Pack 4 (SLES 11 SP4)
SUSE Linux Enterprise Server 12 Service Pack 1 (SLES 12 SP1)
SUSE Linux Enterprise Server 12 Service Pack 2 (SLES 12 SP2)
Failed to execute script. [jid=20190117084157143144] During bootstrapping we receive error such as: Unable to extract the bundle from /tmp/salt-bundle-7eFsELkTaf/venv-salt-minion-3004-150000.3.8.1.x86_64.rpm!
systemctl edit --full salt-minion...[Unit]
Description=The Salt Minion
WantedBy=multi-user.target...systemctl daemon-reloadsystemctl restart salt-minionor, more elegantly, create a drop-in file:cat /etc/systemd/system/salt-minion.service.d/TMPDIR.conf:
Avoid mount points with noexec option
From python doc:
tempfile.mkstemp([suffix=''[, prefix='tmp'[, dir=None[, text=False]]]]) ... If dir is specified, the file will be created in that directory; otherwise, a default directory is used. The default directory is chosen from a platform-dependent list, but the user of the application can control the directory location by setting the TMPDIR, TEMP or TMP environment variables. There is thus no guarantee that the generated filename will have any nice properties, such as not requiring quoting when passed to external commands via os.popen().
This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID:7023646
- Creation Date: 17-Jan-2019
- Modified Date:13-Sep-2022
- SUSE Linux Enterprise Server
- SUSE Manager
- SLES 12 Module: Advanced System Management Module
For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com