how to allow one program to mount to /tmp?
- From: Johnny Tan <linuxweb gmail com>
- To: fedora-selinux-list redhat com
- Subject: how to allow one program to mount to /tmp?
- Date: Fri, 07 Mar 2008 11:10:28 -0500
I use puppet to do config management. It writes to
/tmp/puppet.$$ files to capture the output of commands, then
reads in from those tmp files after.
It seems that when puppet attempts to do a mount command to
/tmp, SELinux is denying it.
When I do audit2allow, it comes up with this:
==
require {
type initrc_tmp_t;
type mount_t;
class file { read write };
}
#============= mount_t ==============
allow mount_t initrc_tmp_t:file { read write };
==
To me, this seems a bit broad. The above allows any program
to mount to /tmp, right?
How can I modify it such that only my puppet program is
allowed, but continue to deny all others?
johnn
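
An added example, not part of the original post: a small Python check of what the posted allow rule matches, taking that one rule in isolation (the rest of the loaded policy, including attributes and other rules, is not modelled). The access requests, and the types tmp_t and httpd_t used in them, are constructed for illustration.

```python
import re

# The allow rule exactly as posted in the audit2allow output above.
POSTED_RULE = "allow mount_t initrc_tmp_t:file { read write };"

# allow <source domain> <target type>:<object class> <perm or { perms }>;
RULE_RE = re.compile(
    r"^\s*allow\s+(\S+)\s+(\S+?):(\S+)\s+(?:\{([^}]*)\}|(\S+?))\s*;\s*$"
)

def parse_allow(rule):
    """Split a single-type TE allow rule into (source, target, class, perms)."""
    m = RULE_RE.match(rule)
    if m is None:
        raise ValueError("not a simple allow rule: %r" % rule)
    source, target, tclass, braced, single = m.groups()
    perms = frozenset((braced if braced is not None else single).split())
    return source, target, tclass, perms

def permits(rule, source, target, tclass, perm):
    """True only if every field of the request matches the rule."""
    r_source, r_target, r_class, r_perms = parse_allow(rule)
    same_triple = (source, target, tclass) == (r_source, r_target, r_class)
    return same_triple and perm in r_perms

# Constructed access requests (not taken from any audit log).
SAMPLE_REQUESTS = [
    ("mount_t", "initrc_tmp_t", "file", "read"),
    ("mount_t", "initrc_tmp_t", "file", "write"),
    ("mount_t", "initrc_tmp_t", "file", "unlink"),  # permission not in the rule
    ("mount_t", "initrc_tmp_t", "dir", "read"),     # different object class
    ("mount_t", "tmp_t", "file", "write"),          # file with a different label
    ("httpd_t", "initrc_tmp_t", "file", "write"),   # different source domain
]

def evaluate(rule=POSTED_RULE, requests=SAMPLE_REQUESTS):
    """Return each request paired with whether this one rule grants it."""
    return [(req, permits(rule, *req)) for req in requests]

if __name__ == "__main__":
    for req, ok in evaluate():
        print("%-8s %s" % ("allowed" if ok else "denied", " ".join(req)))
```

The rule is keyed on the process domain (mount_t), the label of the object (initrc_tmp_t), the object class (file) and the two listed permissions; a request that differs in any of those is not granted by it.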