Description
Describe the bug
Opendj fails to start if data (instance.loc) is on the /var filesystem as it is mounted with NOEXEC option.
To Reproduce
Steps to reproduce the behavior:
- Install opendj on /opt/opendj and point instance.loc to /var/opt/opendj where /var fs is noexec option
- try to install the server
- it will fail when it tries to extract / execute the bouncy castle native jce shared library on boot on /var
The default TMP created by lib/_script-util.sh is unconditionally OPENDJ_TMP_DIR="${INSTANCE_ROOT}/tmp", where INSTANCE_ROOT is on /var which is set noexec.
< if test -z "${OPENDJ_TMP_DIR}"
< then
< OPENDJ_TMP_DIR="${INSTANCE_ROOT}/tmp"
< fi
---
> OPENDJ_TMP_DIR="${INSTANCE_ROOT}/tmp"
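Review bot: the guard only takes effect when OPENDJ_TMP_DIR is already exported in the environment that runs lib/_script-util.sh; when nothing is set it still silently falls back to "${INSTANCE_ROOT}/tmp" on the noexec /var and fails with the same native-library error described above. Pair the guard with a check that the resolved directory permits execution and an explicit "please set OPENDJ_TMP_DIR" message, as the Expected behavior section asks, and mirror the change in lib/_script-util.bat, which has the same hard-coded value.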
The above change to lib/_script-util.sh will allow the tmp directory to be mounted somewhere that can exec, such as in /opt/opendj/tmp, along with the bin/lib parts which already have execute permissions on /opt.
This is a workaround, but it means opendj can work in the context of a strict noexec mount policy on /var
Expected behavior
The server should start ideally catching the error saying "please set OPENDJ_TMP_DIR" if the bouncy castle shared library extract / execute fails, or at least allow OPENDJ_TMP_DIR to be overridden rather than having a fixed value.
Additional context
This applies to any Linux system with a /var set with noexec option, which is increasingly common for security reasons. There is a similar issue not being able to set a custom temp dir with lib/_script-util.bat, but it might not be an issue on a non-Linux operating system, except possibly to have it in a different place.
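The behaviour the issue asks for, as an added example that is not OpenDJ's own code: resolve OPENDJ_TMP_DIR with the proposed fallback, then probe whether the chosen directory can actually execute a file, so a noexec mount fails fast with a "please set OPENDJ_TMP_DIR" message instead of a cryptic native-library load error. Function names and the probe-file name are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not part of OpenDJ's lib/_script-util.sh.

# Return 0 if a file created in directory $1 can be executed, 1 otherwise.
# On a noexec mount the file can be created and chmod'ed but not run.
dir_allows_exec() {
  probe="$1/.exec-probe.$$"                       # assumed probe file name
  printf '#!/bin/sh\nexit 0\n' > "$probe" 2>/dev/null || return 1
  chmod 700 "$probe" 2>/dev/null || { rm -f "$probe"; return 1; }
  "$probe" >/dev/null 2>&1
  rc=$?
  rm -f "$probe"
  return $rc
}

# Resolve the temp dir: honour a caller-supplied OPENDJ_TMP_DIR ($2),
# otherwise fall back to ${INSTANCE_ROOT}/tmp ($1 is INSTANCE_ROOT).
resolve_tmp_dir() {
  if test -z "$2"; then
    printf '%s\n' "$1/tmp"
  else
    printf '%s\n' "$2"
  fi
}

# Create the directory if needed and verify it permits execution.
# Returns 0 when usable, 2 (with an actionable message) otherwise.
check_tmp_dir() {
  dir="$1"
  if ! mkdir -p "$dir" 2>/dev/null; then
    echo "ERROR: cannot create temp directory $dir" >&2
    return 2
  fi
  if dir_allows_exec "$dir"; then
    return 0
  fi
  echo "ERROR: $dir cannot execute files (noexec mount?)." >&2
  echo "Please set OPENDJ_TMP_DIR to a directory on a filesystem mounted without noexec." >&2
  return 2
}

# Usage as a startup script would call it (INSTANCE_ROOT from instance.loc):
# OPENDJ_TMP_DIR=$(resolve_tmp_dir "$INSTANCE_ROOT" "$OPENDJ_TMP_DIR")
# check_tmp_dir "$OPENDJ_TMP_DIR" || exit 2
```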