[OT] tmpfs - was : AVC every server boot: SELinux is preventing the setxkbmap from using potentially mislabeled files (./.X11-unix).

Daniel J Walsh dwalsh at redhat.com
Fri Aug 14 13:28:16 UTC 2009


On 08/14/2009 08:50 AM, Arthur Dent wrote:
> On Fri, 2009-08-14 at 08:25 -0400, Daniel J Walsh wrote:
>> On 08/14/2009 12:19 AM, Richard Chapman wrote:
>>> Daniel J Walsh wrote:
>>>> On 08/12/2009 07:53 PM, Richard Chapman wrote:
> 
> [snip]
> 
>>>>
>>>> I always use tmpfs for /tmp, so I never end up with garbage on a reboot.
>>>>
>>>>   
>>> I like your idea of using tmpfs - but is it ever a problem that tmpfs is
>>> relatively small and finite? Also - please excuse my ignorance - but how
>>> do I make tmpfs the tmp folder?
>>>
>>> Richard.
>>>
>>>
>> Must have changed between RHEL5 and F11
>>
>> Try 
>>
>> chcon -R -t xdm_xserver_tmp_t /tmp/.X11-unix
>>
>> Add this line to /etc/fstab
>>
>> tmpfs   /tmp   tmpfs   rootcontext="system_u:object_r:tmp_t:s0",defaults   0 0
>>
>> And reboot.
>>
>> I don't tend to store huge amounts of stuff in /tmp.  If I want to store big stuff I can always use /var/tmp
> 
> Forgive the off-topic response, but I too like the idea of a
> self-washing /tmp. However I am concerned that I don't really understand
> how it works. What, for example, would be the effect of doing this on
> server which has only limited RAM and is only rebooted periodically.
> Would all the RAM get filled up over time by tmpfs and then everything
> would have to run in swap?
> 
> Would I need to reboot regularly just to clean tmpfs?
> 
Well, there are tools like tmpwatch and tmpreaper that periodically clean up /tmp files.

On a server or system with limited RAM, this might not be a great idea, since you could run out of
memory.  I do not know if you can put a quota on it.  I just don't store a lot of junk on /tmp, so it is
never a problem.  And I have had problems in the past with mislabeled files, either via SELinux or UID problems in
/tmp, causing havoc with login.

I am on a personal crusade to stop all system services (processes running as UID=0) from using /tmp. /var/tmp

> I do like the idea and have just implemented it on my desktop machine
> which has more RAM and gets shut down every day...
> 
> Thanks...
> 
> Mark
> 
> 
> 
> ------------------------------------------------------------------------
> 
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
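The fstab recipe above is easy to get subtly wrong: a tmpfs /tmp without an explicit rootcontext= comes up with the tmpfs default label instead of tmp_t, which is exactly the kind of mislabeling that produces the AVC in the subject line, and the thread's question about memory use is answered by the tmpfs size= mount option (tmpfs otherwise defaults to half of physical RAM). The following POSIX shell script is an added example, not code from the thread, from Dan Walsh or from Fedora: it audits the /tmp entry of an fstab for both properties. The two fstab texts it checks are constructed samples, the 512m cap is an arbitrary illustrative value, and the checker strips any quotes around the rootcontext value so it accepts both the quoted form posted above and the unquoted form.

```shell
#!/bin/sh
# Added example (not from the original thread): audit the /tmp entry of an
# fstab for (1) tmpfs as the filesystem type, (2) an explicit SELinux
# rootcontext= whose type is tmp_t, and (3) a size= cap on memory use.

# Constructed sample fstab contents (hypothetical; not real system files).
# FSTAB_WEAK: tmpfs /tmp with the default label and no size cap.
FSTAB_WEAK='/dev/sda1  /     ext4   defaults  1 1
tmpfs      /tmp  tmpfs  defaults  0 0'

# FSTAB_GOOD: labeled tmp_t and capped at 512m (illustrative value).
FSTAB_GOOD='/dev/sda1  /     ext4   defaults  1 1
tmpfs      /tmp  tmpfs  rootcontext=system_u:object_r:tmp_t:s0,size=512m,defaults  0 0'

# tmp_fstab_line FSTAB_TEXT: print the first non-comment entry mounted on /tmp.
tmp_fstab_line() {
    printf '%s\n' "$1" | awk '$1 !~ /^#/ && $2 == "/tmp" { print; exit }'
}

# fstab_opt LINE NAME: print the value of mount option NAME from the fourth
# fstab field, with surrounding quotes removed; a bare flag prints NAME
# itself; an absent option prints nothing.
fstab_opt() {
    printf '%s\n' "$1" | awk '{ print $4 }' | tr ',' '\n' \
        | awk -F= -v n="$2" '$1 == n { if (NF > 1) { v = $2; gsub(/"/, "", v); print v } else print $1; exit }'
}

# tmp_label_type FSTAB_TEXT: print the SELinux type (third field of the
# context) from rootcontext=, or "none" when no rootcontext is set.
tmp_label_type() {
    line=$(tmp_fstab_line "$1")
    ctx=$(fstab_opt "$line" rootcontext)
    if [ -z "$ctx" ]; then echo none; else printf '%s\n' "$ctx" | cut -d: -f3; fi
}

# count_tmp_problems FSTAB_TEXT: report findings on stderr and print the
# number of problems found with the /tmp entry on stdout.
count_tmp_problems() {
    line=$(tmp_fstab_line "$1")
    n=0
    if [ -z "$line" ]; then
        echo "/tmp has no fstab entry, so it stays on the root filesystem" >&2
        echo 1
        return 0
    fi
    [ "$(printf '%s\n' "$line" | awk '{ print $3 }')" = tmpfs ] \
        || { echo "/tmp is not tmpfs" >&2; n=$((n + 1)); }
    [ "$(tmp_label_type "$1")" = tmp_t ] \
        || { echo "/tmp lacks rootcontext=...:tmp_t:s0; expect mislabeled files and AVC denials" >&2; n=$((n + 1)); }
    [ -n "$(fstab_opt "$line" size)" ] \
        || { echo "/tmp has no size= cap; tmpfs defaults to half of physical RAM" >&2; n=$((n + 1)); }
    echo "$n"
}

# Stand-alone run: the weak entry reports 2 problems, the hardened entry 0.
count_tmp_problems "$FSTAB_WEAK"
count_tmp_problems "$FSTAB_GOOD"
```

To audit a live system, feed it the real file with `count_tmp_problems "$(cat /etc/fstab)"`. The size= cap bounds how much of RAM plus swap the filesystem may consume; it does not stop a runaway writer from filling /tmp, so tmpwatch/tmpreaper style cleanup is still relevant on long-running hosts.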