Tmpfs

Stephen Smalley sds at epoch.ncsc.mil
Wed Jul 7 19:42:06 UTC 2004


On Mon, 2004-07-05 at 21:50, Ivan Gyurdiev wrote:
> What's the situation with tmpfs? I have /tmp on tmpfs and I get lots of
> denials. Tmpfs doesn't seem to support xattrs, however...
> 
> SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
> SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
> SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
> 
> Is /tmp on tmpfs something that should work, or is this not supported?
> What about /dev on tmpfs (or /udev)?

tmpfs lacks a fake xattr handler at present, unlike devpts, so userspace
cannot get or set contexts on tmpfs.  However, transition SIDs should be
fine for tmp file creation in most cases, but this requires policy
changes, and introduces a problem if you want to be able to distinguish
the tmpfs mount used for shared memory from your /tmp tmpfs mount.  You
can use the context= mount option to assign a single context for a given
mount and override the default behavior, but that doesn't really help
here.

-- 
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency
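The reply above turns on two facts a practitioner can check on a running system: a tmpfs mount either carries an explicit context= option (one label for the whole mount) or it does not, in which case its files are labelled by the policy's transition rules and two such mounts (the shared-memory one and a /tmp one) are not told apart. The following is an added example, not code from the original thread or from the SELinux project; it parses mount-table lines in the /proc/self/mounts (fstab) format and reports each tmpfs mount's context= value, if any. The sample lines are constructed, the type tmp_t is assumed to exist in the loaded policy, and the kernel is assumed to display the context= value double-quoted in /proc/self/mounts (the code accepts both quoted and bare values).

```python
"""Report which tmpfs mounts carry an explicit SELinux context= option.

Added example (not from the original mailing-list thread).  Input is in
the /proc/self/mounts format:  source target fstype options dump pass.
A tmpfs mount with no context= option is labelled by the policy's
transition rules, so several such mounts are not distinguishable by
label; a mount with context= gets one fixed label for all its files.
"""
import os
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a shared-memory tmpfs and a /tmp tmpfs without
# context=, and a /var/tmp tmpfs mounted with context= (the kernel shows
# the value double-quoted in /proc/self/mounts).  tmp_t is an assumed type.
SAMPLE_MOUNTS = """\
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0
tmpfs /var/tmp tmpfs rw,nosuid,nodev,context="system_u:object_r:tmp_t:s0" 0 0
"""


@dataclass
class TmpfsMount:
    target: str
    options: List[str]
    context: Optional[str]  # value of context=, or None if absent


def _unescape(field: str) -> str:
    """Undo the octal escapes /proc/mounts uses for space, tab, newline, backslash."""
    return (field.replace("\\040", " ").replace("\\011", "\t")
                 .replace("\\012", "\n").replace("\\134", "\\"))


def parse_tmpfs_mounts(text: str) -> List[TmpfsMount]:
    """Return every tmpfs entry in a mount table, with its context= option."""
    mounts = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # malformed or blank line
        target, fstype, opts = parts[1], parts[2], parts[3]
        if fstype != "tmpfs":
            continue
        options = opts.split(",")
        context = None
        for opt in options:
            if opt.startswith("context="):
                context = opt[len("context="):].strip('"')
        mounts.append(TmpfsMount(_unescape(target), options, context))
    return mounts


def default_labelled_targets(mounts: List[TmpfsMount]) -> List[str]:
    """Mount points relying on transition SIDs, i.e. with no context= option.

    These all receive the policy's default labelling, so a policy cannot
    distinguish files on one of them from files on another.
    """
    return [m.target for m in mounts if m.context is None]


def fstab_entry(target: str, context: str, extra_opts: str = "rw,nosuid,nodev") -> str:
    """Build an /etc/fstab line that pins a tmpfs mount to one SELinux context."""
    return f"tmpfs {target} tmpfs {extra_opts},context={context} 0 0"


def main() -> None:
    table_path = "/proc/self/mounts"
    if os.path.exists(table_path):
        with open(table_path) as fh:
            text = fh.read()
    else:
        text = SAMPLE_MOUNTS  # fall back to the constructed sample offline
    mounts = parse_tmpfs_mounts(text)
    for m in mounts:
        label = m.context if m.context else "(none: transition SIDs)"
        print(f"{m.target:<20} context={label}")
    shared = default_labelled_targets(mounts)
    if len(shared) > 1:
        print("not distinguishable by label:", ", ".join(shared))


if __name__ == "__main__":
    main()
```

Run on a live system it reads /proc/self/mounts; offline it reports on the constructed sample, where /dev/shm and /tmp come out as sharing the default labelling and only /var/tmp carries a fixed context.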




More information about the fedora-selinux-list mailing list