Discussion:
Suggestion for synce-hal: use a socket in /var/run, not /tmp
Adam Williamson
2009-07-31 19:38:03 UTC
I noticed while testing synce on Fedora Rawhide recently that synce-hal
was causing a lot of SELinux denials related to its creation of randomly
named sockets in /tmp. I reported a Red Hat bug on this:

https://bugzilla.redhat.com/show_bug.cgi?id=514768

Daniel Walsh, one of our SELinux gurus, suggested it would be better for
synce-hal to place its sockets in /var/run rather than /tmp - see
comment #6 - so I said I'd pass the suggestion along to the list. Does
this sound like something we should do?

(sorry for the email address / signature mismatch; one day I'll get
around to switching my mailing list subscriptions...)
--
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org
http://www.happyassassin.net
David Eriksson
2009-07-31 20:22:08 UTC
Post by Adam Williamson
I noticed while testing synce on Fedora Rawhide recently that synce-hal
was causing a lot of SELinux denials related to its creation of randomly
https://bugzilla.redhat.com/show_bug.cgi?id=514768
Daniel Walsh, one of our SELinux gurus, suggested it would be better for
synce-hal to place its sockets in /var/run rather than /tmp - see
comment #6 - so I said I'd pass the suggestion along to the list. Does
this sound like something we should do?
+1
Post by Adam Williamson
(sorry for the email address / signature mismatch; one day I'll get
around to switching my mailing list subscriptions...)
Cheers,

David Eriksson, http://www.divideandconquer.se/

Mark Ellis
2009-08-01 11:02:41 UTC
Post by David Eriksson
Post by Adam Williamson
I noticed while testing synce on Fedora Rawhide recently that synce-hal
was causing a lot of SELinux denials related to its creation of randomly
https://bugzilla.redhat.com/show_bug.cgi?id=514768
Daniel Walsh, one of our SELinux gurus, suggested it would be better for
synce-hal to place its sockets in /var/run rather than /tmp - see
comment #6 - so I said I'd pass the suggestion along to the list. Does
this sound like something we should do?
Sounds like a fine plan. Changed in svn. I've attached a patch which
will fix a released source if you would like to prod the fedora packager
to apply it or just attach it to the bug. Might want to test it first :)

To satisfy curiosity, we put the socket there because it's always been
put there :) since some of synce-hal comes from odccm.

Mark
Post by David Eriksson
+1
Post by Adam Williamson
(sorry for the email address / signature mismatch; one day I'll get
around to switching my mailing list subscriptions...)
Cheers,
David Eriksson, http://www.divideandconquer.se/
Adam Williamson
2009-08-13 16:32:11 UTC
Post by Mark Ellis
Post by Adam Williamson
I noticed while testing synce on Fedora Rawhide recently that synce-hal
was causing a lot of SELinux denials related to its creation of randomly
https://bugzilla.redhat.com/show_bug.cgi?id=514768
Daniel Walsh, one of our SELinux gurus, suggested it would be better for
synce-hal to place its sockets in /var/run rather than /tmp - see
comment #6 - so I said I'd pass the suggestion along to the list. Does
this sound like something we should do?
Sounds like a fine plan. Changed in svn. I've attached a patch which
will fix a released source if you would like to prod the fedora packager
to apply it or just attach it to the bug. Might want to test it first :)
To satisfy curiosity, we put the socket there because it's always been
put there :) since some of synce-hal comes from odccm.
OK - we stuck this into the Fedora synce-hal package, and it seems to
work fine AFAICT, nothing blew up. :) Thanks for the fix.
--
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org
http://www.happyassassin.net