Puppet's use of tempfiles for capturing use of subprocess I/O
Sean E. Millichamp
sean at bruenor.org
Fri Sep 12 18:23:50 UTC 2008
On Fri, 2008-09-12 at 13:35 -0400, Daniel J Walsh wrote:
> Of course I would suggest that you not use /tmp for this activity since
> /tmp is really a USER resource and not a System resource. You should
> never create files by privileged processes in /tmp/ they should be
> created in /var/run/puppet or /var/log/puppet.
>
> http://danwalsh.livejournal.com/11467.html
Hi Dan,
Thanks for chiming in and providing the example policy.
I have been so focused on the file labeling and errors I hadn't even
stopped to consider the location :). Puppet currently uses the Ruby
Tempfile class without specifying a tmpdir and defaults to /tmp as the
Ruby built-in default. I might take a stab at adding a configuration
setting for that and defaulting it someplace else.
Excellent idea, thanks!
Sean
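
The change discussed in this message, a configurable capture directory in place of the Tempfile default, could look like the sketch below. It is an added example, not Puppet's code: `safe_capture_dir` and `capture_output` are hypothetical names, and the demo uses a private directory from `Dir.mktmpdir` as a stand-in for a system location such as /var/run/puppet.

```ruby
require "tempfile"
require "tmpdir"
require "fileutils"

# Hypothetical helper (not Puppet's API): create the capture directory if
# needed and refuse it unless it is a real directory, owned by the current
# user, and not writable by group or other.
def safe_capture_dir(dir)
  FileUtils.mkdir_p(dir, mode: 0o700)
  st = File.lstat(dir) # lstat: a symlink planted at this path is rejected
  raise ArgumentError, "#{dir} is not a real directory" unless st.directory?
  raise ArgumentError, "#{dir} is not owned by uid #{Process.euid}" unless st.uid == Process.euid
  raise ArgumentError, "#{dir} is group/world-writable" unless (st.mode & 0o022).zero?
  dir
end

# Hypothetical helper: run argv (an array of two or more elements, so no
# shell parses it) with stdout and stderr captured in a temp file created
# inside capture_dir rather than the Ruby default of /tmp.
# Returns [success, captured_text, directory_the_file_lived_in].
def capture_output(argv, capture_dir)
  dir = safe_capture_dir(capture_dir)
  # Tempfile.create opens the file exclusively with mode 0600 and unlinks it
  # when the block returns.
  Tempfile.create("capture", dir) do |f|
    ok = system(*argv, out: f, err: [:child, :out])
    f.rewind
    [ok, f.read, File.dirname(f.path)]
  end
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir("capture-demo") do |base|
    # Constructed stand-in for a configured system directory.
    dir = File.join(base, "puppet-capture")
    ok, text, where = capture_output(["sh", "-c", "echo out; echo err >&2"], dir)
    puts "ok=#{ok} dir=#{where}"
    puts text
  end
end
```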