We are running self-hosted gha runners on RHEL 9.4. They are creating a shared memory section with world-writable permissions. I assume that the runners use this to communicate among themselves. The issue is that the lttng-ust-wait-8 section has world-write permissions, and this is causing security audit issues.
How can I prevent it from doing this? The runner users are all in the same group, so world write permission should not be required.
I've seen some advice on configuring the tmpfs system in fstab, but I have not yet been able to track down quite what I'm looking for.
$ ll /dev/shm/
-rw-rw-rw- 1 gha-runner-7 gha-runner-7 4096 Feb 20 04:03 lttng-ust-wait-8
-rw-r----- 1 gha-runner-8 gha-runner-8 4096 Feb 20 04:03 lttng-ust-wait-8-558
-rw-r----- 1 gha-runner-7 gha-runner-7 4096 Feb 20 04:03 lttng-ust-wait-8-559
-rw-r----- 1 gha-runner-6 gha-runner-6 4096 Feb 20 04:03 lttng-ust-wait-8-560
-rw-r----- 1 gha-runner-5 gha-runner-5 4096 Feb 20 04:03 lttng-ust-wait-8-561
-rw-r----- 1 gha-runner-4 gha-runner-4 4096 Feb 20 04:03 lttng-ust-wait-8-562
-rw-r----- 1 gha-runner-3 gha-runner-3 4096 Feb 20 04:03 lttng-ust-wait-8-563
-rw-r----- 1 gha-runner-2 gha-runner-2 4096 Feb 20 04:03 lttng-ust-wait-8-564
-rw-r----- 1 gha-runner-1 gha-runner-1 4096 Feb 20 04:03 lttng-ust-wait-8-565