path: root/issues/genenetwork/handle-tmp-dirs-in-container.gmi
# Handle Temporary Directories in the Container

## Tags

* type: feature
* assigned: fredm
* priority: critical
* status: closed, completed
* keywords: production, container, tux04
* interested: alexk, aruni, bonfacem, pjotrp, zsloan

## Description

The container's temporary directories should be in a large partition on the host to avoid a scenario where the writes fill up one of the smaller drives.

Currently, we use the `/tmp` directory by default, but we should look into transitioning away from that: `/tmp` is world-readable and world-writable and therefore needs careful consideration to keep safe.

Thankfully, we are running our systems within a container, and can bind the container's `/tmp` directory to a non-world-accessible directory, keeping things at least contained.
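
The two requirements above (a large partition, and a host directory that is not world-accessible) can be checked before the container is started. The following is an added example, not code from gn-machines; the function name, the example path and the free-space threshold are assumptions.

```sh
#!/bin/sh
# Added example (not project code): preflight check for the host directory
# that will be bound to the container's /tmp.

# check_tmp_backing_dir DIR MIN_FREE_KB
# Returns 0 if DIR is suitable, non-zero (with a reason on stderr) otherwise.
check_tmp_backing_dir() {
    dir=$1
    min_free_kb=$2

    # Require an absolute path so the result does not depend on the cwd.
    case $dir in
        /*) ;;
        *) echo "not an absolute path: $dir" >&2; return 2 ;;
    esac

    # A symlink could be repointed at a world-writable location later.
    if [ -L "$dir" ]; then echo "is a symlink: $dir" >&2; return 3; fi
    if [ ! -d "$dir" ]; then echo "not a directory: $dir" >&2; return 4; fi

    # Characters 8-10 of the `ls -ld` mode string are the bits for "other".
    # Anything but "---" (or "--T", sticky without access) is world-accessible.
    other=$(ls -ld "$dir" | cut -c8-10)
    case $other in
        ---|--T) ;;
        *) echo "world-accessible (other=$other): $dir" >&2; return 5 ;;
    esac

    # Free space, in KiB, on the partition that holds DIR (POSIX df format).
    free_kb=$(df -Pk "$dir" | awk 'NR == 2 { print $4 }')
    case $free_kb in
        ''|*[!0-9]*) echo "cannot read free space for: $dir" >&2; return 6 ;;
    esac
    if [ "$free_kb" -lt "$min_free_kb" ]; then
        echo "only ${free_kb} KiB free, need ${min_free_kb}: $dir" >&2
        return 7
    fi
    return 0
}

# Usage: script.sh /path/to/large-partition/container-tmp 104857600
# (hypothetical path; 104857600 KiB = 100 GiB, an assumed threshold)
if [ "$#" -eq 2 ]; then
    check_tmp_backing_dir "$1" "$2"
fi
```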

### Fixes

=> https://git.genenetwork.org/gn-machines/commit/?id=7306f1127df9d4193adfbfa51295615f13d32b55