Re: Puppet's use of tempfiles for capturing use of subprocess I/O

On Fri, 2008-09-12 at 13:35 -0400, Daniel J Walsh wrote:

> Of course I would suggest that you not use /tmp for this activity since
> /tmp is really a USER resource and not a System resource.  You should
> never create files by privileged processes in /tmp/; they should be
> created in /var/run/puppet or /var/log/puppet.
> 
> http://danwalsh.livejournal.com/11467.html

Hi Dan,

Thanks for chiming in and providing the example policy.

I have been so focused on the file labeling and errors I hadn't even
stopped to consider the location :).  Puppet currently uses the Ruby
Tempfile class without specifying a tmpdir and defaults to /tmp as the
Ruby built-in default.  I might take a stab at adding a configuration
setting for that and defaulting it someplace else.

Excellent idea, thanks!

Sean


--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
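
The change discussed above, passing an explicit tmpdir to Ruby's Tempfile instead of relying on the /tmp default, as an added example that is not part of the original message and is not Puppet's code. The helper names `safe_tmpdir` and `capture_output`, the `puppet-exec` basename and the directory passed in are assumptions made for illustration.

```ruby
require 'tempfile'
require 'tmpdir'
require 'fileutils'
require 'rbconfig'

# Hypothetical helper: make sure the directory used for temp files is a real
# directory, owned by this process, and not writable by group or others.
def safe_tmpdir(dir)
  FileUtils.mkdir_p(dir, mode: 0700)
  st = File.lstat(dir) # lstat so a symlink planted at this path is not followed
  raise ArgumentError, "#{dir} is not a directory" unless st.directory?
  raise ArgumentError, "#{dir} is not owned by this process" unless st.uid == Process.euid
  raise ArgumentError, "#{dir} is group/world writable" unless (st.mode & 0022).zero?
  dir
end

# Hypothetical helper: run a command with stdout and stderr captured in a
# Tempfile created under the validated directory rather than under /tmp.
# Returns [directory the file was created in, captured output].
def capture_output(command, tmpdir)
  dir = safe_tmpdir(tmpdir)
  Tempfile.create('puppet-exec', dir) do |tf| # file is created with mode 0600
    system(*command, out: tf, err: tf)
    tf.rewind
    [File.dirname(tf.path), tf.read]
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed demo: a scratch directory stands in for a location such as
  # /var/run/puppet, which needs privileges to create.
  base = Dir.mktmpdir
  dir, out = capture_output([RbConfig.ruby, '-e', 'puts "captured"'],
                            File.join(base, 'puppet-tmp'))
  puts "temp file lived in #{dir}, output: #{out}"
  FileUtils.remove_entry(base)
end
```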
