Bug 491744 - devicekit-disk should not be using /tmp, it should use /var/run
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: DeviceKit-disks
Version: rawhide
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: David Zeuthen
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2009-03-23 20:00 UTC by Daniel Walsh
Modified: 2009-04-07 18:16 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2009-04-07 04:45:53 UTC
Type: ---
Embargoed:



Description Daniel Walsh 2009-03-23 20:00:00 UTC
Description of problem:

Why is this using /tmp rather than /var/run/devkit for its temporary files?

Users can muck around in /tmp; they cannot in /var/run. So tempfiles should be created in /var/run.

allow devicekit_disk_t tmp_t:dir { search read create mounton write getattr rmdir remove_name add_name };
allow devicekit_disk_t tmp_t:file { read write create unlink open };


Created a partition with palimpsest to create these avc messages.

Comment 1 Matthias Clasen 2009-04-07 04:45:53 UTC
Should be fixed in DeviceKit-disks-004

Comment 2 David Zeuthen 2009-04-07 16:56:27 UTC
While I did fix this "bug", please note that devkit-disks-daemon will spawn a number of tools (depending on file system type) etc. that in turn may use /tmp.

What I'm trying to say is that it is extremely optimistic to think that denying access to /tmp is going to work. While it may work for simple tests it's just going to break some corner case either now or in the future.

Comment 3 Daniel Walsh 2009-04-07 18:16:35 UTC
That is fine, and I will give devicekit the ability to create files in /tmp, but we should not do this by default.
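
The description's concern, that any user can create or replace entries in /tmp but not in a root-owned directory under /var/run, can also be checked by a daemon before it creates a scratch directory. The following C code is an added example, not DeviceKit-disks code: the function names and the scratch- prefix are hypothetical, and the default path /var/run/devkit is the one suggested in the description.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns 0 if dir is a real directory (final component not a symlink),
 * owned by root or by the caller's effective uid, and not writable by
 * group or other. /tmp (mode 1777) fails this check. Assumes the ancestors
 * of dir are themselves not writable by unprivileged users. */
int runtime_dir_is_private(const char *dir)
{
    struct stat st;
    if (lstat(dir, &st) != 0)
        return -1;
    if (!S_ISDIR(st.st_mode)) { errno = ENOTDIR; return -1; }
    if (st.st_uid != 0 && st.st_uid != geteuid()) { errno = EPERM; return -1; }
    if (st.st_mode & (S_IWGRP | S_IWOTH)) { errno = EPERM; return -1; }
    return 0;
}

/* Creates a uniquely named scratch directory under parent and writes its
 * path to out. Refuses a parent that other users can modify. */
int make_scratch_dir(const char *parent, char *out, size_t outlen)
{
    if (runtime_dir_is_private(parent) != 0)
        return -1;
    int n = snprintf(out, outlen, "%s/scratch-XXXXXX", parent);
    if (n < 0 || (size_t)n >= outlen) { errno = ENAMETOOLONG; return -1; }
    return mkdtemp(out) == NULL ? -1 : 0;  /* mkdtemp requests mode 0700 */
}

int main(int argc, char **argv)
{
    /* /var/run/devkit is the path suggested in the bug description. */
    const char *parent = argc > 1 ? argv[1] : "/var/run/devkit";
    char path[4096];
    if (make_scratch_dir(parent, path, sizeof path) != 0) {
        fprintf(stderr, "refusing %s: %s\n", parent, strerror(errno));
        return 1;
    }
    printf("created %s\n", path);
    return 0;
}
```

This check covers only the daemon's own temporary files; as Comment 2 points out, helper tools it spawns may still use /tmp on their own.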

