782517 – Propose that you turn on PrivateTmp=true in service file for ypserv

Bug 782517 - Propose that you turn on PrivateTmp=true in service file for ypserv

Summary: Propose that you turn on PrivateTmp=true in service file for ypserv

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	ypserv
Sub Component:
Version:	rawhide
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Honza Horak
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	PrivateTmp
TreeView+	depends on / blocked

Reported:	2012-01-17 15:52 UTC by Daniel Walsh
Modified:	2012-02-01 18:53 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2012-02-01 12:44:31 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Daniel Walsh 2012-01-17 15:52:41 UTC

I would like to propose using PrivateTmp for ypserv systemd unit file
This should make the use of /tmp directory more secure
and avoid users from being able to potentially effect it.

http://fedoraproject.org/wiki/Features/ServicesPrivateTmp

Comment 1 Honza Horak 2012-02-01 12:44:31 UTC

No binary or daemon from ypserv operates in /tmp, afaik. Closing this for now, feel free to re-open it if you wish.

Comment 2 Daniel Walsh 2012-02-01 18:53:43 UTC

No problem, I will remove the SELinux policy to handle this and we will see if AVC's start happening.

Note You need to log in before you can comment on or make changes to this bug.