Setting context for shm created with shm_open()

Stephen Smalley sds at tycho.nsa.gov
Wed Nov 19 13:08:53 UTC 2008


On Tue, 2008-11-18 at 15:35 -0700, Scally, Katrina-P54861 wrote:
> Hello,
> 
> I am creating shared memory using shm_open() as opposed to using SysV
> IPC.  The shared memory is created as a mapped file under /dev/shm.
> The default type for this file is tmpfs_t.  I would like to define my
> own type, say my_tmpfs_t, and associate it with the file in /dev/shm.
> With the appropriate policy in place I can do this via chcon from the
> command line.  However, if I specify the context in the fc file it is
> not applied.  I performed a fixfiles relabel and it didn't appear as
> if it was looking in this directory.  Is this approach the best way to
> use SELinux with POSIX IPC?  Can I relabel files in /dev/shm?  The
> contents of my module are shown below:

You should use a type transition rule (file_type_auto_trans) to cause
files you create at runtime to get the right type upon creation.
The .fc files are for labeling of persistent files at install time and
for preserving the labels on such files across a relabel, but none of
that applies to shared memory objects.  fixfiles only labels persistent
filesystems that support attributes.

-- 
Stephen Smalley
National Security Agency
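The type transition recommended in the reply, sketched as an added example that is not part of the original thread or the poster's module. It uses the reference policy interface `fs_tmpfs_filetrans` rather than the `file_type_auto_trans` macro named in the reply. `myapp_t` is an assumed name for the domain the application runs in; `my_tmpfs_t` is the type from the question.

```selinux
policy_module(my_shm, 1.0)

gen_require(`
	# Assumption: the application already runs in a domain called myapp_t.
	type myapp_t;
')

# Private type for the application's POSIX shared memory objects.
type my_tmpfs_t;
# Marks the type as a file type that may live on a tmpfs filesystem.
files_tmpfs_file(my_tmpfs_t)

# Let the domain create, read, write and unlink its own shm files.
manage_files_pattern(myapp_t, my_tmpfs_t, my_tmpfs_t)

# Label at creation time: a file that myapp_t creates in a tmpfs_t
# directory such as /dev/shm gets my_tmpfs_t instead of inheriting tmpfs_t.
# The core rule this interface emits is:
#   type_transition myapp_t tmpfs_t:file my_tmpfs_t;
fs_tmpfs_filetrans(myapp_t, my_tmpfs_t, file)
```

With the module loaded, `ls -Z /dev/shm` should show `my_tmpfs_t` on objects the application creates through `shm_open()`, with no `.fc` entry or `chcon` involved.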



