Canonical Juju

Automatic Separation of /tmp for LXD Containers

Bug #2052818 reported by Aymen Frikha on 2024-02-09

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Canonical Juju	Triaged	Wishlist	Unassigned

Bug Description

Currently, Juju does not support an automated process for separating the /tmp directory for LXD containers onto a separate disk partition. Administrators must manually intervene using LXD-specific procedures, which is not feasible or scalable for large deployments.

This is how we do it with lxd:
```
lxc storage volume create default c1-tmp size=1GiB
lxc config device add c1 tmp disk source=c1-tmp pool=default
lxc start c1
lxc exec c1 -- findmnt --mountpoint /tmp
TARGET SOURCE FSTYPE OPTIONS
/tmp /dev/mapper/vgubuntu-root[/var/lib/lxd/storage-pools/default/custom/default_c1-tmp] ext4 rw,relatime,errors=remount-ro
```

The lack of this feature complicates compliance with CIS standards, potentially exposing deployments to security risks associated with shared /tmp directories.

Revision history for this message

Aymen Frikha (aym-frikha) wrote on 2024-02-09:

subscribed field-high

Joseph Phillips (manadart) on 2024-02-15

Changed in juju:
status:	New → Triaged
importance:	Undecided → Wishlist

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.