[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: problems with tmpfs and relabeling
- From: Bill Nottingham <notting redhat com>
- To: Stephen Smalley <sds tycho nsa gov>
- Cc: fedora-selinux-list redhat com
- Subject: Re: problems with tmpfs and relabeling
- Date: Tue, 18 Apr 2006 14:41:34 -0400
Stephen Smalley (sds tycho nsa gov) said:
> > However, relabeling the files then fails - for each type that I'm
> > putting on tmpfs, I need to add:
> >
> > allow <type> tmpfs_t:filesystem associate;
> >
> > before relabelling works.
> >
> > This seems strange - is this something that should be fixed in
> > the stock policy, or should I just carry this in my own module?
>
> One option is to use a fscontext= mount option to change the security
> context associated with the filesystem/superblock object to match your
> usage, e.g. making it fs_t like a conventional filesystem rather than
> tmpfs_t. e.g.
> mount -o fscontext=system_u:object_r:fs_t:s0 ...
Considering this is scratch space that will be used just like
the 'stock' filesystem for various things (/var, /etc state
files, etc.), this seems to be the right solution. I'll try
this.
Bill
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]