how to allow one program to mount to /tmp?

I use puppet to do config management. It writes to /tmp/puppet.$$ files to capture the output of commands, then reads in from those tmp files after.

It seems that when puppet attempts to do a mount command to /tmp, SELinux is denying it.

When I do audit2allow, it comes up with this:

==
require {
        type initrc_tmp_t;
        type mount_t;
        class file { read write };
}

#============= mount_t ==============
allow mount_t initrc_tmp_t:file { read write };
==


To me, this seems a bit broad. The above allows any program to mount to /tmp, right?

How can I modify it such that only my puppet program is allowed, but continue to deny all others?

johnn

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
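
As an added illustration (not part of the original post), the sketch below parses the audit2allow output quoted above and evaluates a few access requests against it, showing that the rule is keyed on the process type, file type, class and permission rather than on a program name or path. The request list is constructed for comparison, and the evaluator models only this module's rule, not the rest of a loaded policy.

```python
import re

# Module text as audit2allow printed it in the post.
POLICY = """
require {
        type initrc_tmp_t;
        type mount_t;
        class file { read write };
}

#============= mount_t ==============
allow mount_t initrc_tmp_t:file { read write };
"""

ALLOW_RE = re.compile(
    r"^\s*allow\s+(\S+)\s+(\S+?):(\S+)\s+(?:\{([^}]*)\}|(\S+?))\s*;", re.M)


def parse_allow_rules(text):
    """Return (source_type, target_type, object_class, perms) per allow rule."""
    return [(src, tgt, cls, frozenset((braced or single).split()))
            for src, tgt, cls, braced, single in ALLOW_RE.findall(text)]


def is_allowed(rules, proc_type, obj_type, obj_class, perm):
    """Match on labels only, the way a TE allow rule is keyed.

    Models just the rules passed in, not the rest of the loaded policy.
    """
    return any(src == proc_type and tgt == obj_type and cls == obj_class
               and perm in perms for src, tgt, cls, perms in rules)


# Constructed access requests: (process type, file type, class, permission).
# Only the first matches the rule; httpd_t and tmp_t are comparison labels.
REQUESTS = [
    ("mount_t", "initrc_tmp_t", "file", "write"),
    ("mount_t", "initrc_tmp_t", "file", "unlink"),
    ("mount_t", "initrc_tmp_t", "dir", "write"),
    ("mount_t", "tmp_t", "file", "write"),
    ("httpd_t", "initrc_tmp_t", "file", "write"),
]


def evaluate(requests, policy=POLICY):
    rules = parse_allow_rules(policy)
    return [is_allowed(rules, *req) for req in requests]


if __name__ == "__main__":
    for req, ok in zip(REQUESTS, evaluate(REQUESTS)):
        print("%-45s %s" % (" ".join(req), "allowed" if ok else "denied"))
```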
