selinux-policy update

Mr Dash Four mr.dash.four at googlemail.com
Wed Aug 29 12:30:34 UTC 2012


> This is a leaked file descriptor from whoever created the file /tmp/tmp5v080f
> or a redirected stdin/stdout/stderr.  Possible candidates would be puppet or
> simple redirection using bash
>
> command << _EOF
> input
> input
> _EOF
>
> Could cause something like this if the command eventually executed
> rpm/load_policy.
>   
Apologies for hijacking this thread, but the solution to the above 
(which I have come across on so many occasions in the past that I care 
to remember) is the following (assuming bash is used):

my=$(cat <<_EOF
input
input
_EOF
)
echo "$my" | command

where "command" is the command expecting input/reading the "file" 
enclosed within _EOF. That way, no avcs are produced and SELinux is kept 
at bay. The "standard" use, like:

command <<_EOF
input
input
_EOF

makes SELinux very angry, hence the above workaround.
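
An added example, not part of the original post: a small check of what a command actually inherits as stdin under the two forms above, so the difference can be confirmed on a given system. The function names are hypothetical, and a Linux /proc and /dev/stdin are assumed.

```shell
#!/bin/sh
# Added example (not from the original post): classify the object a command
# inherits as stdin. A descriptor backed by a temporary file is the "leaked
# file descriptor" the quoted reply describes; a pipe has no file behind it.

# Report what file descriptor 0 of the current process refers to.
stdin_kind() {
    if [ -p /dev/stdin ]; then
        echo pipe
    elif [ -f /dev/stdin ]; then
        # Regular file: show where it lives (assumes Linux /proc).
        echo "file:$(readlink /proc/self/fd/0 2>/dev/null)"
    else
        echo other
    fi
}

# The "standard" use: the here-document is attached directly to the command.
kind_heredoc() {
    stdin_kind <<_EOF
input
input
_EOF
}

# The workaround from the post: capture the text first, then pipe it in.
kind_workaround() {
    my=$(cat <<_EOF
input
input
_EOF
)
    echo "$my" | stdin_kind
}

echo "here-document: $(kind_heredoc)"
echo "workaround:    $(kind_workaround)"
```

What the plain here-document reports depends on the shell and its version; a `file:` result is the temporary-file descriptor that the confined command would inherit, while the workaround always hands over a pipe.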

