using tmpfs for /tmp and selinux

Stephen Smalley sds at tycho.nsa.gov
Fri Mar 25 13:59:44 UTC 2005


On Fri, 2005-03-25 at 14:33 +0100, dragoran wrote:
> >Ah, yes - you would need policy changes as well, e.g.
> >	allow tmpfile tmp_t:filesystem associate;
> >
> in which file should I add this?

After further discussion on selinux list, it looks like Dan is going to
take a different approach and not use a fscontext= or context= mount.
Instead, he is just adding a 'restorecon /tmp' line
to /etc/rc.d/rc.sysinit so that it will get relabeled to tmp_t at that
time, and Dan recently added the following to the policy:
	allow tmpfile tmpfs_t:filesystem associate;

This is similar to how tmpfs mounts are being handled for /dev for use
by udev.

-- 
Stephen Smalley <sds at tycho.nsa.gov>
National Security Agency



