how to allow one program to mount to /tmp?

Johnny Tan linuxweb at gmail.com
Fri Mar 7 16:10:28 UTC 2008


I use puppet to do config management. It writes to 
/tmp/puppet.$$ files to capture the output of commands, then 
reads in from those tmp files after.

It seems that when puppet attempts to do a mount command to 
/tmp, selinux is denying it.

When I do audit2allow, it comes up with this:

==
require {
         type initrc_tmp_t;
         type mount_t;
         class file { read write };
}

#============= mount_t ==============
allow mount_t initrc_tmp_t:file { read write };
==


To me, this seems a bit broad. The above allows any program 
to mount to /tmp, right?

How can I modify it such that only my puppet program is 
allowed, but continue to deny all others?

johnn
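An added example, not part of the original post or of any reply to it: a POSIX shell script that writes the audit2allow rule quoted above into a .te file and then parses each allow rule to show exactly what it grants: the source domain, the target type, the object class and the permissions. An SELinux allow rule only ever grants the source domain named in it, so the rule in the post gives processes running in mount_t read/write on files labelled initrc_tmp_t and nothing to any other domain; making the target type more specific than initrc_tmp_t is what would narrow it further. The module name puppet_mount, the file location under $TMPDIR, and the checkmodule/semodule_package build step (only attempted when those tools are installed) are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post: inspect the scope of the
# allow rule that audit2allow produced.  Module name and file path are
# assumptions; the rule text is the one quoted in the post.

TE_FILE="${TMPDIR:-/tmp}/puppet_mount.te"

# write_policy: reproduce the audit2allow output as a loadable module source.
write_policy() {
    cat > "$TE_FILE" <<'EOF'
module puppet_mount 1.0;

require {
        type initrc_tmp_t;
        type mount_t;
        class file { read write };
}

#============= mount_t ==============
allow mount_t initrc_tmp_t:file { read write };
EOF
}

# rule_scope: print "source target class perms" for every allow rule in a .te
# file.  Field layout of a rule line:  allow SRC TGT:CLASS { p1 p2 ... };
rule_scope() {
    awk '$1 == "allow" {
        src = $2
        split($3, tc, ":")          # tc[1] = target type, tc[2] = object class
        perms = ""
        for (i = 4; i <= NF; i++) perms = perms " " $i
        gsub(/[{};]/, "", perms)    # drop the braces and the terminator
        gsub(/^ +| +$/, "", perms)  # trim surrounding spaces
        print src, tc[1], tc[2], perms
    }' "$1"
}

# source_domain: the only domain a rule grants anything to.
source_domain() {
    rule_scope "$1" | awk 'NR == 1 { print $1 }'
}

# explain_scope: one plain-language line per rule, from a reviewer's point of view.
explain_scope() {
    rule_scope "$1" | while read -r src tgt cls perms; do
        printf 'Only processes in domain %s gain "%s" on %s objects labelled %s; all other domains stay denied.\n' \
            "$src" "$perms" "$cls" "$tgt"
    done
}

# build_module: compile to a .pp only if the policy toolchain is present.
build_module() {
    if command -v checkmodule >/dev/null 2>&1 && command -v semodule_package >/dev/null 2>&1; then
        mod="${TE_FILE%.te}.mod"
        pp="${TE_FILE%.te}.pp"
        checkmodule -M -m -o "$mod" "$TE_FILE" && semodule_package -o "$pp" -m "$mod" \
            && echo "built $pp (load with: semodule -i $pp)"
    else
        echo "checkmodule/semodule_package not installed; skipping build"
    fi
}

write_policy
rule_scope "$TE_FILE"
explain_scope "$TE_FILE"
build_module
```

Run the script on a host with the SELinux policy tools to get a puppet_mount.pp beside the .te file; on any other host it still writes the module source and reports the scope of each rule.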
