SELinux Mailing List - NSA/CSS

Skip All Menus Skip Top Menu

Top Navigation Menus

Skip Research Menus

Research Menu

Research Security Enhanced Linux What's New Frequently Asked Questions Background Documents License Download Participating Mail List Archives Remaining Work Contributors Related Work Press Releases Information Assurance Research NIARL In-house Research Areas Mathematical Sciences Program Sabbaticals Computer & Information Sciences Research Technology Transfer Advanced Computing Advanced Mathematics Communications & Networking Information Processing Microelectronics Other Technologies Technology Fact Sheets Publications Related Links	Skip Search Box Searchbox SELinux Mailing List Re: I would like to propose some kind of consolidation of tmpfs_t and tmp_t This message: [ Message body ] [ More options ] Related messages: [ Next message ] [ Previous message ] [ In reply to ] [ Next in thread ] [ Replies ] From: Stephen Smalley <sds_at_tycho.nsa.gov> Date: Thu, 24 Mar 2005 12:30:58 -0500 On Thu, 2005-03-24 at 09:37 -0500, Stephen Smalley wrote: > For /tmp, a fscontext= mount seems to have an issue in that it is still > using type transitions for labeling inodes (including the root), so we > end up with mount_tmp_t on /tmp at least under strict policy. Possibly > we could/should change the way that works for the root inode. Possible workaround - mount with fscontext=, then run restorecon /tmp (not recursively, just on the top-level directory) from rc.sysinit. That would get us tmp_t on the superblock and tmp_t on the root directory. Then you just need a few policy modifications like allow tmpfile_t tmp_t:filesystem associate;, and you still can perform [gs]etfilecon and setfscreatecon on the filesystem. -- Stephen Smalley <sds@tycho.nsa.gov> National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. Received on Thu 24 Mar 2005 - 12:39:03 EST This message: [ Message body ] Next message: Daniel J Walsh: "setsebool problems" Previous message: Stephen Smalley: "Re: I would like to propose some kind of consolidation of tmpfs_t and tmp_t" In reply to: Stephen Smalley: "Re: I would like to propose some kind of consolidation of tmpfs_t and tmp_t" Next in thread: Daniel J Walsh: "Re: I would like to propose some kind of consolidation of tmpfs_t and tmp_t" Reply: Daniel J Walsh: "Re: I would like to propose some kind of consolidation of tmpfs_t and tmp_t" Reply: Luke Kenneth Casson Leighton: "Re: I would like to propose some kind of consolidation of tmpfs_t and tmp_t" Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]
	Date Posted: Jan 15, 2009 \| Last Modified: Jan 15, 2009 \| Last Reviewed: Jan 15, 2009

bottom