# find / -context \*:rpm_script_tmp_t:s\* -name home
/tmp/bundler/home
I don’t know what /tmp/bundler is or why it tries to write there, tho…
It is present on other installs after a reboot too:
# ls /tmp/bundler/home/ -alhZ
drwxrwxrwx. foreman foreman system_u:object_r:system_cronjob_tmp_t:s0 .
drwxr-xr-x. foreman foreman system_u:object_r:system_cronjob_tmp_t:s0 ..
drwxr-xr-x. foreman foreman system_u:object_r:system_cronjob_tmp_t:s0 foreman
drwxr-xr-x. foreman-proxy foreman-proxy system_u:object_r:system_cronjob_tmp_t:s0 foreman-proxy
drwxr-xr-x. foreman foreman system_u:object_r:system_cronjob_tmp_t:s0 root
But now a different label…
Which brings me to
# When Foreman cronjob is started before Ruby on Rails, /tmp/bundler
# is created with system_u:object_r:system_cronjob_tmp_t:s0 label denying
# access to the web process
manage_files_pattern(foreman_rails_t, system_cronjob_tmp_t, system_cronjob_tmp_t)
manage_dirs_pattern(foreman_rails_t, system_cronjob_tmp_t, system_cronjob_tmp_t)