After installing oc and oc mirror, running oc mirror shows no output in the console and the command fails.
This happens when the /tmp directory is mounted with the noexec option.
$ oc-mirror version --output yaml --v2 (no output)
This is because oc-mirror copies itself to a path like /tmp/oc-mirror-<random numbers>/oc-mirror and tries to run it from there.
If /tmp is mounted as noexec, it cannot run the copied binary.
482189 execve("/tmp/oc-mirror-XXXXXXXXXXXX/oc-mirror", ["oc-mirror", "version", "--output", "yaml", "--v2"], 0xc000a8a0e0 /* 27 vars */ <unfinished ...> 482171 nanosleep({tv_sec=0, tv_nsec=20000}, NULL) = 0 482171 nanosleep({tv_sec=0, tv_nsec=20000}, <unfinished ...> 482189 <... execve resumed>) = -1 EACCES (Permission denied)
To work around this, it is possible to set the TMPDIR environment variable to a directory that is not mounted with noexec.
mkdir -p "$HOME/tmp_exec" export TMPDIR="$HOME/tmp_exec"
According to the link below, mounting /tmp with noexec is a recommended security setting, so it is not uncommon for users to configure it this way:
So, it would be helpful if oc-mirror could detect this case and show a clear message in the console when it fails to run due to noexec on the target directory.
- relates to
-
OCPBUGS-59760 oc mirror command produces no output when executed on RHEL 8 with /tmp mounted as noexec in /etc/fstab
-
- Closed
-