On Fri, 2008-09-12 at 13:35 -0400, Daniel J Walsh wrote: > Of course I would suggest that you not use /tmp for this activity since > /tmp is really a USER resource and not a System resource. You should > never create files by privileged processes in /tmp/ they should be > created in /var/run/puppet or /var/log/puppet. > > http://danwalsh.livejournal.com/11467.html Hi Dan, Thanks for chiming in and providing the example policy. I have been so focused on the file labeling and errors I hadn't even stopped to consider the location :). Puppet currently uses the Ruby Tempfile class without specifying a tmpdir and defaults to /tmp as the Ruby built-in default. I might take a stab at adding a configuration setting for that and defaulting it someplace else. Excellent idea, thanks! Sean -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
