using tmpfs for /tmp and selinux

dragoran dragoran at feuerpokemon.de
Fri Mar 25 14:15:02 UTC 2005


Stephen Smalley wrote:

>On Fri, 2005-03-25 at 14:33 +0100, dragoran wrote:
>
>>>Ah, yes - you would need policy changes as well, e.g.
>>>	allow tmpfile tmp_t:filesystem associate;
>>
>>In which file should I add this?
>
>After further discussion on selinux list, it looks like Dan is going to
>take a different approach and not use a fscontext= or context= mount.
>Instead, he is just adding a 'restorecon /tmp' line
>to /etc/rc.d/rc.sysinit so that it will get relabeled to tmp_t at that
>time, and Dan recently added the following to the policy:
>	allow tmpfile tmpfs_t:filesystem associate;
>
>This is similar to how tmpfs mounts are being handled for /dev for use
>by udev.

Does this mean that adding restorecon /tmp in rc.sysinit would solve my 
problem?
I am using selinux-policy-targeted-1.17.30-2.90. Is

allow tmpfile tmpfs_t:filesystem associate;

already done in this policy, or do I have to add it myself? I have policy sources installed, but I don't know in which file I should add this line before rebuilding the policy.
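
The two changes discussed in this thread can be checked with a short script. This is an added example, not part of the original message or of the Fedora policy. The policy source directory argument is a placeholder (the thread does not name the file), and a literal text search will miss a rule that the policy expresses through a macro.

```shell
#!/bin/sh
# Added example: checks for the two changes described in the thread.
# Usage: sh check_tmpfs_tmp.sh POLICY_SRC_DIR /etc/rc.d/rc.sysinit
# POLICY_SRC_DIR is a placeholder; the thread does not say where the sources live.

# The allow rule quoted in the thread, tolerant of extra whitespace,
# anchored at line start so commented-out copies do not count.
RULE_RE='^[[:space:]]*allow[[:space:]]+tmpfile[[:space:]]+tmpfs_t[[:space:]]*:[[:space:]]*filesystem[[:space:]]+associate[[:space:]]*;'

# policy_has_rule DIR: succeeds if a file under DIR contains the literal rule.
# Assumption: the rule is written out literally, not generated by a macro.
policy_has_rule() {
    grep -rEq "$RULE_RE" "$1" 2>/dev/null
}

# sysinit_relabels_tmp FILE: succeeds if FILE runs restorecon on /tmp itself
# (not /tmp/something) on a line that is not commented out.
sysinit_relabels_tmp() {
    grep -Eq '^([^#]*[[:space:];/])?restorecon[[:space:]]+(-[A-Za-z]+[[:space:]]+)*/tmp([[:space:];]|$)' "$1" 2>/dev/null
}

# check_tmpfs_tmp DIR FILE: reports both checks, returns non-zero if either fails.
check_tmpfs_tmp() {
    status=0
    if policy_has_rule "$1"; then
        echo "policy:  tmpfile/tmpfs_t associate rule found in $1"
    else
        echo "policy:  rule not found as a literal line in $1"
        status=1
    fi
    if sysinit_relabels_tmp "$2"; then
        echo "sysinit: $2 relabels /tmp with restorecon"
    else
        echo "sysinit: no active 'restorecon /tmp' line in $2"
        status=1
    fi
    return "$status"
}

# Run the report only when both arguments are given.
if [ "$#" -eq 2 ]; then
    check_tmpfs_tmp "$1" "$2"
fi
```

This inspects the policy sources and the init script only; it does not query the policy currently loaded in the kernel.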




More information about the fedora-selinux-list mailing list