using tmpfs for /tmp and selinux
Valdis.Kletnieks at vt.edu
Valdis.Kletnieks at vt.edu
Thu Mar 31 15:08:04 UTC 2005
On Mon, 28 Mar 2005 09:01:19 EST, Stephen Smalley said:
> On Sat, 2005-03-26 at 10:09 +0100, dragoran wrote:
> > it still does not work with the restorecon /tmp line and the policy
> > changes....
> > same avcs...
>
> Hmmm...Dan reported it working for him with just those two changes.
> That was on a FC4/devel system with strict policy, but I'd expect it to
> work fine under FC3 and targeted policy too. Are you sure that you
> added 'allow tmpfile tmpfs_t:filesystem associate;' to your policy and
> rebuilt it and installed it? What are the specific avcs that you see?
Just a confirmation - this is a 'works for me' on a Fedora -devel system
synced up to yesterday's tree - the policy change was in the RPM already,
had to make the one-line hack to add the restorecon to rc.sysinit.
Am running fine with /tmp on a tmpfs - so now /tmp gets auto-cleaned at
each reboot (it's a laptop, so that's a fairly frequent occurrence - somehow,
"suspend" just doesn't do it for me). Now if I were really paranoid, I'd
enable encrypted swap... :)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20050331/4a4c0267/attachment.sig>
More information about the fedora-selinux-list
mailing list