[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

problems with tmpfs and relabeling

From: Bill Nottingham <notting redhat com>
To: fedora-selinux-list redhat com
Subject: problems with tmpfs and relabeling
Date: Tue, 18 Apr 2006 10:08:12 -0400

I'm currently working with the stateless code, which mounts the root
filesystem read-only, moving various things that need to be read-write
to tmpfs bind-mounted in the appropriate location.

This initially runs afoul of policy, and I need to write my own
policy that allows you to mount on top of /etc/resolv.conf (standard
targeted policy doesn't like that for some reason. :) )

However, relabeling the files then fails - for each type that I'm 
putting on tmpfs, I need to add:

allow <type> tmpfs_t:filesystem associate;

before relabelling works.

This seems strange - is this something that should be fixed in 
the stock policy, or should I just carry this in my own module?

Bill

Follow-Ups:
- Re: problems with tmpfs and relabeling
  - From: Stephen Smalley

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]