problems with tmpfs and relabeling
sds at tycho.nsa.gov
Fri Apr 21 12:12:38 UTC 2006
On Fri, 2006-04-21 at 07:51 -0400, Stephen Smalley wrote:
> On Thu, 2006-04-20 at 14:38 -0400, Bill Nottingham wrote:
> Possibly stupid question: Will files be created dynamically in these
> tmpfs mounts at runtime? Do you expect them to follow the traditional
> inherit-from-parent-directory behavior you get from ext3?
Sorry, not enough caffeine here. They already do follow that behavior
(via inode_init_security hook call from tmpfs). Only problem here is
getting the right label on the root directory inode in the first place,
which likely just requires allowing restorecon to fix it up, as is done
for /dev as well. This does suggest however that a rootcontext= option
to mount would be helpful.
National Security Agency
More information about the fedora-selinux-list