
Re: how to allow one program to mount to /tmp?



Daniel J Walsh wrote:
> Johnny Tan wrote:
>> I use puppet to do config management. It writes to /tmp/puppet.$$ files
>> to capture the output of commands, then reads in from those tmp files
>> after.
>>
>> It seems that when puppet attempts to do a mount command to /tmp,
>> selinux is denying it.
>
> First why are you using /tmp?  This is a directory that random users can
> write to.  It should never be used from system space.

I agree, and I will file an enhancement request to the puppet dev to change that. I think he chose /tmp because the file DOES get removed after the command is run.

But for the moment, it doesn't seem this can be set via config file.

So I'm wondering if I can possibly load a module for now that allows only puppet to mount to /tmp.

johnn
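
The thread turns on a system tool writing command output to predictable names such as /tmp/puppet.$$ in a directory any user can write to. The following is an added example, not part of the thread and not Puppet's own code, of capturing a command's output in a private directory instead; the function name `capture_output` and its directory argument are assumptions, and it does not address the SELinux denial itself.

```shell
#!/bin/sh
# capture_output DIR CMD [ARGS...]
# Runs CMD, captures stdout+stderr in a randomly named file inside DIR,
# prints the captured text, removes the file, and returns CMD's exit status.
# Returns 2 without running CMD if DIR is unsuitable.
capture_output() {
    dir=$1
    shift

    # DIR must be a real directory, not a symlink another user could retarget.
    if [ ! -d "$dir" ] || [ -L "$dir" ]; then
        echo "capture_output: $dir is not a real directory" >&2
        return 2
    fi

    # Refuse group- or world-writable directories (this rejects /tmp itself).
    # In `ls -ld` output, character 6 is group write and character 9 is
    # other write.
    mode=$(ls -ld "$dir" | cut -c1-10)
    case $mode in
        ?????w*|????????w*)
            echo "capture_output: $dir is writable by other users" >&2
            return 2
            ;;
    esac

    # mktemp creates the file exclusively, mode 0600, with an unpredictable
    # name, unlike a name derived from the PID.
    out=$(mktemp "$dir/capture.XXXXXX") || return 2

    "$@" >"$out" 2>&1
    status=$?

    cat "$out"
    rm -f "$out"
    return "$status"
}
```
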

