Secure the TMP Directory

Enterprise security policies often require mounting the /tmp directory with the no execution (noexec) flag. By default, Cassandra Java Native Access (JNA) is mapped to /tmp; JNA requires an executable directory to start. Remap JNA to a different (executable) directory and change permissions to allow full access to the user that runs the DataStax Enterprise (DSE) service.

There are three files that control Java Virtual Machine options:

jvm-server.options: options independent of any particular JVM
jvm8-server.options: options particular to JVM 8
jvm11-server.options: options particular to JVM 11

JVM Options Files
Filename	Location dependent on the type of installation
jvm[8 \| 11] -server.options	Package installations: `/etc/dse/cassandra/jvm [8 \| 11] -server.options` Tarball installations: `<installation_location>/resources/cassandra/conf/jvm [8 \| 11] -server.options`

Procedure

Create a directory and grant full access to the Apache Cassandra user.
Map the JNA temporary directory; in jvm-server.options file, add the following flag with the path to the new directory:
```
-Djna.tmpdir=<JNA_startup_directory>
```

Restart DataStax Enterprise.

If DSE fails to start because the JNA startup directory is not available, the following error may appear in the system log:

tail -3 /var/log/cassandra/system.log

The error is similar to:

ERROR main 2015-12-18 09:57:00,879 CassandraDaemon.java:213 - JNA failing to initialize properly. Use -Dcassandra.boot_without_jna=true to bootstrap even so.
INFO Thread-2 2015-12-18 09:57:00,880 DseDaemon.java:418 - {product-short} shutting down...
INFO Thread-2 2015-12-18 09:57:00,881 PluginManager.java:103 - All plugins are stopped.

See JNA fails to initialize.

Secure the TMP Directory

Procedure

Was this helpful?

Give Feedback