Bug 761257 - Avoid using /tmp in Pulp plugins
Summary: Avoid using /tmp in Pulp plugins
Keywords:
Status: CLOSED NEXTRELEASE
Alias: None
Product: PulpDist
Classification: Community
Component: Pulp Plugins
Version: unspecified
Hardware: Unspecified
OS: Unspecified
medium
unspecified
Target Milestone: 0.1.0
Assignee: Nick Coghlan
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2011-12-07 22:20 UTC by Nick Coghlan
Modified: 2011-12-12 07:36 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of: 761253
Environment:
Last Closed: 2011-12-12 07:36:06 UTC
Embargoed:


Description Nick Coghlan 2011-12-07 22:20:24 UTC
Using /tmp for any kind of operations in a service can cause SELinux compatibility problems and open up genuine security holes (see http://danwalsh.livejournal.com/11467.html)

pulpdist.core.sync_trees should be updated to accept a configurable temp dir, then the Pulp plugins updated to use the conduit's working directory API to get an appropriate path.

Comment 1 Nick Coghlan 2011-12-12 07:36:06 UTC
Simpler solution: log data isn't stored on the filesystem while a job is in progress. Instead, it is held in RAM, and passed to Pulp for storage when the job completes (regardless of success or failure).

(feedback will also be passed upstream about the desirability of a better mechanism for recording partial log data in the event of failures)
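
The approach from Comment 1, as an added example that is not PulpDist or Pulp code: job log data is held in an in-memory buffer and handed to a storage callback when the job finishes, whether it succeeded or failed, and any scratch files go in a private directory under a caller-supplied path rather than /tmp. The names `run_sync_job`, `job`, `store_log` and `working_dir` are hypothetical.

```python
import io
import logging
import tempfile


def run_sync_job(job, store_log, working_dir):
    """Run job(log, scratch) and pass (ok, log_text) to store_log exactly once.

    All three parameters are hypothetical stand-ins: job is the sync work,
    store_log is the service's storage call, working_dir is a directory the
    service owns (not /tmp).
    """
    buf = io.StringIO()                   # log data stays in RAM during the job
    log = logging.Logger("sync_job")      # private logger, no global handlers
    handler = logging.StreamHandler(buf)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    log.addHandler(handler)
    ok = False
    try:
        # Scratch space: mode-0700 directory with a random name, created
        # under the service-owned path and deleted when the block exits.
        with tempfile.TemporaryDirectory(dir=working_dir) as scratch:
            job(log, scratch)
        ok = True
    except Exception:
        log.exception("job failed")       # traceback goes into the buffer too
    finally:
        store_log(ok, buf.getvalue())     # runs on success and on failure
    return ok


if __name__ == "__main__":
    # Constructed demo: a failing job still gets its partial log stored.
    def failing_job(log, scratch):
        log.info("starting sync in %s", scratch)
        raise RuntimeError("remote tree unavailable")

    # The current directory stands in for the service-owned directory.
    run_sync_job(failing_job, lambda ok, text: print(ok, text, sep="\n"), ".")
```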

