how to allow one program to mount to /tmp?

[Johnny Tan]

Daniel J Walsh wrote:
>> So I'm wondering if I can possibly load a module for now that allows
>> only puppet to mount to /tmp.
>>
>> johnn
> You would have to write a policy for puppet, which will probably need to
> be an unconfined domain.  You could confine it, if you new exactly what
> puppet would do on your machine.  You might need additional calls.  Not
> knowing what puppet will do, here is a guess at a policy.

Thanks for the sample policy Dan!

johnn