Issue #3033 has been updated by Ricky Zhou. File 0001-Use-a-pipe-instead-of-a-temp-file-for-command-output.patch added
Hi, sorry I stopped updating this for the past few months. I have more time to keep looking into it now. Here is the most recent patch that I have for this issue (it is basically a retyped copy of the latest patch we were discussing on ticket #3013). I'm lost in all the tickets surrounding this issue right now - can anybody remember which test/use case this version fails? Looking at the code, there should only be one situation where it is possible for this code to hang forever after the child is finished executing---if the program that is being executed forks and exits, and its forked child continues writing to stdout/stderr, the select will continue to succeed and cause output to continue to be read continuously. This is a pretty pathological (and hopefully rare) case though. ---------------------------------------- Bug #3033: Using temporary files in /tmp to comunicate with child processes is problematic in SELinux http://projects.puppetlabs.com/issues/3033 Author: Markus Roberts Status: Investigating Priority: Normal Assigned to: Category: exec Target version: 0.25.6 Affected version: 0.25.2 Keywords: Branch: The present approach is necessitated by the more common / severe locking and race conditions that arise when trying to implement a cross-platform solution based on pipes (see related tickets, below). There are two possible solutions here, both should be explored: * Try to diagnose why the code developed on #3013 failed as described on #3025 * Perhaps more pragmatically, see if moving the temp files presently used in lieu of pipes to some other directory would placate SELinux. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
