[PUP-9330] Unable to enforce SELinux attributes for files in /dev/shm Created: 2018/11/26 Updated: 2019/04/04 Resolved: 2018/12/17
|Component/s:||Types and Providers|
|Fix Version/s:||PUP 5.5.10, PUP 6.0.5, PUP 6.1.0|
|Reporter:||Jared Ledvina||Assignee:||Melissa Stone|
|Sprint:||Platform Core KANBAN|
|Method Found:||Needs Assessment|
|Release Notes Summary:||A file on `tmpfs` will now report that it does support SELinux labels.|
|QA Risk Assessment:||Needs Assessment|
Currently on Puppet 5.5.1, I've created the following resource:
However, Puppet never configures the seltype for this directory. In the Puppet Agent debug logs we see:
I've tracked this down to the following:
I'm going to open a pull request to propose adding tmpfs to https://github.com/puppetlabs/puppet/blob/5.5.1/lib/puppet/util/selinux.rb#L193 and, as per the contributor guidelines, I'm also opening this issue to track this change.
|Comment by Jared Ledvina [ 2018/11/26 ]|
Pull request opened: https://github.com/puppetlabs/puppet/pull/7249
|Comment by Jared Ledvina [ 2018/12/12 ]|
New PR opened for 5.5.X, https://github.com/puppetlabs/puppet/pull/7279
|Comment by Jacob Helwig [ 2018/12/13 ]|
Merged to 5.5.x in cb2b636b4a.
|Comment by Melissa Stone [ 2018/12/13 ]|
SELinux utilities within the puppet codebase now recognize that `tmpfs` supports extended attributes and can support SELinux labels. `selinux_label_support?` will return true for a file mounted on `tmpfs`.
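
The following is an added example, not Puppet's code and not part of the ticket. It shows how a filesystem-type allowlist decides whether a path can take an SELinux label, and why `/dev/shm` was skipped until `tmpfs` was listed. The filesystem lists, the mount table and all method names are assumptions made for illustration, and paths are taken as absolute and already resolved.

```ruby
# Added illustration, not Puppet's implementation. The filesystem lists and
# the mount table below are constructed for this example.
LABEL_FS_BEFORE = %w[ext2 ext3 ext4 gfs gfs2 xfs jfs btrfs].freeze
LABEL_FS_AFTER  = (LABEL_FS_BEFORE + %w[tmpfs]).freeze

# Constructed sample in /proc/mounts format:
# device mountpoint fstype options dump pass
SAMPLE_MOUNTS = <<~MOUNTS
  /dev/mapper/vg0-root / xfs rw,seclabel,relatime 0 0
  proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
  devtmpfs /dev devtmpfs rw,seclabel,nosuid 0 0
  tmpfs /dev/shm tmpfs rw,seclabel,nosuid,nodev 0 0
  /dev/sda1 /boot ext4 rw,seclabel,relatime 0 0
MOUNTS

# Parse mount table text into { mountpoint => fstype }; malformed lines are skipped.
def parse_mounts(text)
  text.each_line.with_object({}) do |line, table|
    _dev, mountpoint, fstype = line.split(/\s+/)
    next if mountpoint.nil? || fstype.nil?
    # /proc/mounts escapes space, tab, newline and backslash as octal (\040 ...)
    mountpoint = mountpoint.gsub(/\\([0-7]{3})/) { Regexp.last_match(1).to_i(8).chr }
    table[mountpoint] = fstype # a later entry shadows an earlier one
  end
end

# Filesystem type of the deepest mount point that contains `path`, or nil.
def fs_for(path, mounts)
  parts = path.split('/').reject(&:empty?)
  parts.length.downto(0) do |n|
    candidate = '/' + parts.first(n).join('/')
    return mounts[candidate] if mounts.key?(candidate)
  end
  nil
end

# True when the path's filesystem is on the list allowed to carry labels.
def label_support?(path, mounts, supported)
  fs = fs_for(path, mounts)
  !fs.nil? && supported.include?(fs)
end

# Rows of [path, fstype, supported before the fix, supported after the fix].
def audit(paths, mounts = parse_mounts(SAMPLE_MOUNTS))
  paths.map do |p|
    [p, fs_for(p, mounts), label_support?(p, mounts, LABEL_FS_BEFORE),
     label_support?(p, mounts, LABEL_FS_AFTER)]
  end
end

audit(%w[/dev/shm/app /var/log/app /dev/null]).each { |r| puts r.inspect } if __FILE__ == $PROGRAM_NAME
```

Running a check like this over the paths a manifest manages shows where a requested `seltype` would be dropped without an error because the filesystem type is not on the list.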