From 5802fbb369517f3536ae0ea26c70e2971d401740 Mon Sep 17 00:00:00 2001
From: Jonathan Budzenski <jon@budzenski.me>
Date: Wed, 15 Sep 2021 20:47:52 -0500
Subject: [PATCH] [systemd] Use a private /tmp directory

This creates an isolated tmp directory for the kibana service.  Reads
and writes to /tmp will end up in /tmp/systemd-private-*-kibana.service-*/tmp,
isolated to the current process.
---
 .../systemd/usr/lib/systemd/system/kibana.service                | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/dev/build/tasks/os_packages/service_templates/systemd/usr/lib/systemd/system/kibana.service b/src/dev/build/tasks/os_packages/service_templates/systemd/usr/lib/systemd/system/kibana.service
index df33b82f1f967..21f1a011f2397 100644
--- a/src/dev/build/tasks/os_packages/service_templates/systemd/usr/lib/systemd/system/kibana.service
+++ b/src/dev/build/tasks/os_packages/service_templates/systemd/usr/lib/systemd/system/kibana.service
@@ -8,6 +8,7 @@ After=network-online.target
 Type=simple
 User=kibana
 Group=kibana
+PrivateTmp=true
 
 Environment=KBN_HOME=/usr/share/kibana
 Environment=KBN_PATH_CONF=/etc/kibana