Daniel J Walsh wrote:
> Johnny Tan wrote:
>> I use puppet to do config management. It writes to /tmp/puppet.$$ files
>> to capture the output of commands, then reads in from those tmp files
>> after.
>>
>> It seems that when puppet attempts to do a mount command to /tmp,
>> selinux is denying it.
>
> First why are you using /tmp? This is a directory that random users can
> write to. It should never be used from system space.

I agree, and I will file an enhancement request to the
puppet dev to change that. I think he chose /tmp because the
file DOES get removed after the command is run.
But for the moment, it doesn't seem this can be set via
config file.
So I'm wondering if I can possibly load a module for now
that allows only puppet to mount to /tmp.
johnn
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
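
The concern raised in the thread is a PID-named capture file such as /tmp/puppet.$$ in a directory any user can write to. The sketch below is an added example, not code from puppet or from the original posts: it captures command output in an unpredictably named file inside a private directory instead. The function names and the directory argument are assumptions.

```shell
#!/bin/sh
# Added example (not puppet's code). Pattern from the thread, for contrast only:
#   cmd > /tmp/puppet.$$ 2>&1; out=$(cat /tmp/puppet.$$); rm -f /tmp/puppet.$$
# The name is guessable from the PID and /tmp is writable by every local user.

# check_private_dir DIR (hypothetical helper): succeed only if DIR is a real
# directory (not a symlink) that group and others cannot write to.
check_private_dir() {
    dir=$1
    [ -d "$dir" ] && [ ! -L "$dir" ] || return 1
    perms=$(ls -ld "$dir" | cut -c1-10)      # e.g. drwx------ or drwxr-xr-x
    case $perms in
        d????-??-?) return 0 ;;              # no 'w' in group or other slot
    esac
    return 1
}

# capture_output DIR CMD... (hypothetical helper): run CMD with stdout and
# stderr sent to a file that mktemp creates exclusively with mode 0600 and a
# random name inside DIR, print what was captured, then delete the file.
# Returns CMD's exit status, or 2 if DIR is unsafe or mktemp fails.
capture_output() {
    dir=$1; shift
    check_private_dir "$dir" || { echo "refusing unsafe dir: $dir" >&2; return 2; }
    tmp=$(mktemp "$dir/capture.XXXXXXXXXX") || return 2
    status=0
    "$@" >"$tmp" 2>&1 || status=$?
    cat "$tmp"
    rm -f "$tmp"
    return $status
}
```

Called as `capture_output /some/private/dir mount -a`, where the directory is an assumed root-owned location that only the management daemon can write to; a world-writable directory such as /tmp is refused.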