We are experiencing an issue with our AXA environment which needs to have /tmp to have exec permissions, this goes against our internal security polices and as such we need to understand why this is the case, and how we can stop it.
It appears from my investigation that the Elasticsearch component uses the /tmp directory to create a executable file on startup called snappy-1.2.3-xxxx.so. with the exec on the /tmp fs this fails and the AXA startup doesn't complete.
A number of the AXA components need to use the snappy native libraries. By default the processes will try to run the library from the /tmp folder.
The attached is suggested configuration to allow the AXA product to run where /tmp is mounted with noexec by overidding the location of java.io.tmpdir.
Suggested folders must be created manually
This will not allow the product to be installed with /tmp as noexec so that restriction will have to be applied once the product is installed.