Issue #1563 has been updated by luke. Status changed from Needs design decision to Needs more information
We moved to temporary files about 18 months ago because we had so many problems trying to directly capture output. I believe a lot of the problems were related to running as other users, but I can't actually remember. I'm nearly positive it involved significant behavioral differences between different versions of Ruby, or maybe different operating systems. I'd like to see the old changes and ticket looked up and compared to this code before it gets accepted, and I'd also like to see it tested in many environments. This is a surprisingly thorny issue, and I'm hesitant to accept the patch unless it's gone through a lot more than basic usage testing. ---------------------------------------- Bug #1563: [PATCH] Change Util::Execute to use pipes instead of temporary files for capturing output http://reductivelabs.com/redmine/issues/show/1563 Author: seanmil Status: Needs more information Priority: High Assigned to: luke Category: plumbing Target version: 0.24.6 Complexity: Easy Affected version: 0.24.5 Keywords: SELinux execute Tempfile Patch attached to fix reported behavior. When triggering Puppet runs which included initscript starts/stops I noticed that I would receive three SELinux AVC denials logged for the process that was being started/stopped for a file of the form /tmp/puppet.$PID.0. Many of the system daemons which ship with CentOS 5 have confined SELinux domains which don't permit access to much of the system - including these Puppet temp files. Trying to figure out where to create the file (and with which context) for every service would be impractical (impossible? some services may not have any context that would be usable for write permissions) so I decided to just rewrite it to use Unix pipes. WorksForMe in my testing. I'm marking this as high because, depending on what commands are being run and their SELinux policies, this could cause command output to silently disappear (other then the denials in the logs). This could be very frustrating for someone who is trying to use that output. ---------------------------------------- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://reductivelabs.com/redmine/my/account --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en -~----------~----~----~----~------~----~------~--~---
