Daniel J Walsh wrote:
So I'm wondering if I can possibly load a module for now that allows
only puppet to mount to /tmp.
johnn
You would have to write a policy for puppet, which will probably need to
be an unconfined domain. You could confine it, if you knew exactly what
puppet would do on your machine. You might need additional calls. Not
knowing what puppet will do, here is a guess at a policy.
Thanks for the sample policy Dan!
johnn
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list