beats icon indicating copy to clipboard operation
beats copied to clipboard
verified publisher icon elastic

[Filebeat] Unable to set noexec on /tmp

Open michel-laterman opened this issue 7 months ago • 3 comments

Users are currently unable to set noexec on /tmp for a *nix OS as filebeat diagnostics use the OS's default temp directory when gathering the registry. See https://github.com/elastic/beats/blob/0678f4d96212ac968fc90596e60475ed2f3979e1/filebeat/beater/diagnostics.go#L78

We should change this to a directory that can be supplied through some other means. For the elastic-agent we have paths.TempDir, we should use something similar for this creation call.

michel-laterman avatar Jun 12 '25 17:06 michel-laterman

Pinging @elastic/elastic-agent-control-plane (Team:Elastic-Agent-Control-Plane)

elasticmachine avatar Jun 12 '25 17:06 elasticmachine

Agent PR that fixes a similar issue: https://github.com/elastic/elastic-agent/pull/8472

michel-laterman avatar Jun 12 '25 17:06 michel-laterman

Just as a note setting $TMPDIR will control where this file is created; this issue can be regarded as low-priority as we have a work-around.

michel-laterman avatar Jun 18 '25 15:06 michel-laterman