Merge pull request #1728 from shapeblue/4.9_9551

CLOUDSTACK-9551: Move java tmp dir to cloudstack-agent's path to avoidMove java tmp dir to cloudstack-agent's path to avoid noexec on /tmp

* pr/1728:
  CLOUDSTACK-9551: Move java tmp dir to cloudstack-agent's path to avoid noexec on /tmp

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>

packaging/centos63/cloud-agent.rc

@@ -26,6 +26,7 @@
 
 # set environment variables
 
+TMP=/usr/share/cloudstack-agent/tmp
 SHORTNAME=$(basename $0 | sed -e 's/^[SK][0-9][0-9]//')
 PIDFILE=/var/run/"$SHORTNAME".pid
 LOCKFILE=/var/lock/subsys/"$SHORTNAME"
@@ -41,6 +42,9 @@ if [ -z "$JSVC" ]; then
     exit 1;
 fi
 
+# create java tmp dir if not found
+mkdir -m 0755 -p "$TMP"
+
 unset OPTIONS
 [ -r /etc/sysconfig/"$SHORTNAME" ] && source /etc/sysconfig/"$SHORTNAME"
 
@@ -64,7 +68,7 @@ export CLASSPATH="/usr/share/java/commons-daemon.jar:$ACP:$PCP:/etc/cloudstack/a
 start() {
     echo -n $"Starting $PROGNAME: "
     if hostname --fqdn >/dev/null 2>&1 ; then
-        $JSVC -Xms256m -Xmx2048m -cp "$CLASSPATH" -pidfile "$PIDFILE" \
+        $JSVC -Djava.io.tmpdir="$TMP" -Xms256m -Xmx2048m -cp "$CLASSPATH" -pidfile "$PIDFILE" \
             -errfile $LOGDIR/cloudstack-agent.err -outfile $LOGDIR/cloudstack-agent.out $CLASS
         RETVAL=$?
         echo

packaging/centos7/cloud-agent.rc

@@ -26,6 +26,7 @@
 
 # set environment variables
 
+TMP=/usr/share/cloudstack-agent/tmp
 SHORTNAME=$(basename $0 | sed -e 's/^[SK][0-9][0-9]//')
 PIDFILE=/var/run/"$SHORTNAME".pid
 LOCKFILE=/var/lock/subsys/"$SHORTNAME"
@@ -41,6 +42,9 @@ if [ -z "$JSVC" ]; then
     exit 1;
 fi
 
+# create java tmp dir if not found
+mkdir -m 0755 -p "$TMP"
+
 unset OPTIONS
 [ -r /etc/sysconfig/"$SHORTNAME" ] && source /etc/sysconfig/"$SHORTNAME"
 
@@ -64,7 +68,7 @@ export CLASSPATH="/usr/share/java/commons-daemon.jar:$ACP:$PCP:/etc/cloudstack/a
 start() {
     echo -n $"Starting $PROGNAME: "
     if hostname --fqdn >/dev/null 2>&1 ; then
-        $JSVC -Xms256m -Xmx2048m -cp "$CLASSPATH" -pidfile "$PIDFILE" \
+        $JSVC -Djava.io.tmpdir="$TMP" -Xms256m -Xmx2048m -cp "$CLASSPATH" -pidfile "$PIDFILE" \
             -errfile $LOGDIR/cloudstack-agent.err -outfile $LOGDIR/cloudstack-agent.out $CLASS
         RETVAL=$?
         echo

packaging/debian/cloudstack-agent.init

@@ -33,6 +33,7 @@
 
 . /lib/lsb/init-functions
 
+TMP=/usr/share/cloudstack-agent/tmp
 SHORTNAME="cloudstack-agent"
 PIDFILE=/var/run/"$SHORTNAME".pid
 LOCKFILE=/var/lock/subsys/"$SHORTNAME"
@@ -45,6 +46,9 @@ SHUTDOWN_WAIT="30"
 unset OPTIONS
 [ -r /etc/default/"$SHORTNAME" ] && source /etc/default/"$SHORTNAME"
 
+# create java tmp dir if not found
+mkdir -m 0755 -p "$TMP"
+
 # The first existing directory is used for JAVA_HOME (if JAVA_HOME is not defined in $DEFAULT)
 JDK_DIRS="/usr/lib/jvm/java-7-openjdk-amd64 /usr/lib/jvm/java-7-openjdk-i386 /usr/lib/jvm/java-7-oracle /usr/lib/jvm/java-6-openjdk /usr/lib/jvm/java-6-openjdk-i386 /usr/lib/jvm/java-6-openjdk-amd64 /usr/lib/jvm/java-6-sun"
 
@@ -96,7 +100,7 @@ start() {
 
     wait_for_network
 
-    if start_daemon -p $PIDFILE $DAEMON -Xms256m -Xmx2048m -cp "$CLASSPATH" -Djna.nosys=true -pidfile "$PIDFILE" -errfile SYSLOG $CLASS
+    if start_daemon -p $PIDFILE $DAEMON -Djava.io.tmpdir="$TMP" -Xms256m -Xmx2048m -cp "$CLASSPATH" -Djna.nosys=true -pidfile "$PIDFILE" -errfile SYSLOG $CLASS
         RETVAL=$?
     then
         rc=0

packaging/systemd/cloudstack-agent.default

@@ -19,3 +19,4 @@ JAVA=/usr/bin/java
 JAVA_HEAP_INITIAL=256m
 JAVA_HEAP_MAX=2048m
 JAVA_CLASS=com.cloud.agent.AgentShell
+JAVA_TMPDIR=/usr/share/cloudstack-agent/tmp

packaging/systemd/cloudstack-agent.service

@@ -27,7 +27,8 @@ EnvironmentFile=-/etc/default/cloudstack-agent
 ExecStart=/bin/sh -ec '\
     export ACP=`ls /usr/share/cloudstack-agent/lib/*.jar /usr/share/cloudstack-agent/plugins/*.jar 2>/dev/null|tr "\\n" ":"`; \
     export CLASSPATH="$ACP:/etc/cloudstack/agent:/usr/share/cloudstack-common/scripts"; \
-    ${JAVA} -Xms${JAVA_HEAP_INITIAL} -Xmx${JAVA_HEAP_MAX} -cp "$CLASSPATH" $JAVA_CLASS'
+    mkdir -m 0755 -p ${JAVA_TMPDIR} \
+    ${JAVA} -Djava.io.tmpdir="${JAVA_TMPDIR}" -Xms${JAVA_HEAP_INITIAL} -Xmx${JAVA_HEAP_MAX} -cp "$CLASSPATH" $JAVA_CLASS'
 Restart=always
 RestartSec=10s