how to allow one program to mount to /tmp?

Johnny Tan linuxweb at gmail.com
Fri Mar 7 16:56:58 UTC 2008


Daniel J Walsh wrote:
> 
> Johnny Tan wrote:
>> I use puppet to do config management. It writes to /tmp/puppet.$$ files
>> to capture the output of commands, then reads in from those tmp files
>> after.
>>
>> It seems that when puppet attempts to do a mount command to /tmp,
>> SELinux is denying it.
>>
> First why are you using /tmp?  This is a directory that random users can
> write to.  It should never be used from system space.

I agree, and I will file an enhancement request to the 
puppet dev to change that. I think he chose /tmp because the 
file DOES get removed after the command is run.

But for the moment, it doesn't seem this can be set via a
config file.

So I'm wondering if I can possibly load a module for now 
that allows only puppet to mount to /tmp.

johnn
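An added example, not from this thread, of the narrowly scoped module the question asks about: a shell function that writes a Type Enforcement source file granting a single source domain one permission on `tmp_t`, plus the standard checkmodule/semodule_package/semodule steps to load it. It assumes puppet runs in a domain named `puppet_t` and that the refused access is `dir mounton`; confirm the domain with `ps -eZ | grep puppet` and take the exact class and permission from the AVC denial rather than guessing.

```shell
#!/bin/sh
# Added example: build a minimal SELinux policy module that grants ONE domain
# ONE permission on /tmp (tmp_t), instead of a broad allow rule.
# Assumptions (not from the thread): puppet runs as puppet_t and the denied
# access is dir:mounton. Read the real values from the AVC record first:
#   ausearch -m avc -c mount -ts recent

# gen_te MODNAME DOMAIN CLASS PERM -> Type Enforcement source on stdout
gen_te() {
    modname="$1"; domain="$2"; tclass="$3"; perm="$4"
    cat <<EOF
module $modname 1.0;

require {
    type $domain;
    type tmp_t;
    class $tclass { $perm };
}

# Only $domain gets this access; every other domain keeps the default denial.
allow $domain tmp_t:$tclass $perm;
EOF
}

# Sanity check for least privilege: the generated module must contain
# exactly one allow rule.
allow_rule_count() {
    gen_te "$1" "$2" "$3" "$4" | grep -c '^allow '
}

# build_and_load MODNAME DOMAIN CLASS PERM: compile and install the module.
# Needs root plus the checkpolicy and policycoreutils packages; not run here.
build_and_load() {
    modname="$1"
    gen_te "$modname" "$2" "$3" "$4" > "$modname.te"
    checkmodule -M -m -o "$modname.mod" "$modname.te" &&
    semodule_package -o "$modname.pp" -m "$modname.mod" &&
    semodule -i "$modname.pp"
    # Confirm afterwards with: semodule -l | grep "$modname"
}

# Usage: build_and_load puppet_tmp_mount puppet_t dir mounton
```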

More information about the fedora-selinux-list mailing list