Daniel J Walsh wrote:
Johnny Tan wrote:
I use puppet to do config management. It writes to /tmp/puppet.$$ files to capture the output of commands, then reads in from those tmp files after. It seems that when puppet attempts to do a mount command to /tmp, selinux is denying it.

First why are you using /tmp? This is a directory that random users can write to. It should never be used from system space.

I agree, and I will file an enhancement request to the puppet dev to change that. I think he chose /tmp because the file DOES get removed after the command is run.
But for the moment, it doesn't seem this can be set via config file.
So I'm wondering if I can possibly load a module for now that allows only puppet to mount to /tmp.
johnn
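
The concern raised in the quoted reply, as an added example that is not part of the original messages and is not puppet's code: one way to capture command output without a predictable `/tmp/puppet.$$` name. The function `capture_output` and the variable `CAPTURE_BASE` are hypothetical names; `CAPTURE_BASE` is assumed to point at a directory that only the calling user can write to.

```shell
#!/bin/sh
# Added example, not from the thread. capture_output and CAPTURE_BASE are
# hypothetical names chosen for illustration.
#
# Pattern described in the thread (shown only as a comment):
#   some_command > /tmp/puppet.$$ 2>&1
# The name is predictable from the PID and /tmp is writable by every local
# user, so the file can be pre-created as a regular file or a symlink.

# Run "$@", print its combined stdout/stderr, and return its exit status.
# The output is buffered in an unpredictably named file inside CAPTURE_BASE.
# Exit status 2 means the base directory was rejected or mktemp failed.
capture_output() (
    base=${CAPTURE_BASE:?set CAPTURE_BASE to a private directory}

    # Accept only a real directory that group and others cannot write to.
    # A symlink shows up as "l..." and /tmp as "drwxrwxrwt"; both are refused.
    perms=$(ls -ld "$base" 2>/dev/null | cut -c1-10)
    case $perms in
        d????w????|d???????w?)
            echo "refusing $base: writable by group or others" >&2
            exit 2 ;;
        d*) ;;
        *)
            echo "refusing $base: not a directory" >&2
            exit 2 ;;
    esac

    umask 077                                   # file is created mode 0600
    tmpfile=$(mktemp "$base/capture.XXXXXX") || exit 2
    trap 'rm -f "$tmpfile"' EXIT                # removed even on failure

    status=0
    "$@" >"$tmpfile" 2>&1 || status=$?
    cat "$tmpfile"
    exit "$status"
)
```

The function body runs in a subshell, so the `umask` change and the `EXIT` trap do not leak into the caller.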