[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: problems with tmpfs and relabeling

From: Stephen Smalley <sds tycho nsa gov>
To: Bill Nottingham <notting redhat com>
Cc: James Morris <jmorris redhat com>, Daniel J Walsh <dwalsh redhat com>, fedora-selinux-list redhat com
Subject: Re: problems with tmpfs and relabeling
Date: Fri, 21 Apr 2006 08:12:38 -0400

On Fri, 2006-04-21 at 07:51 -0400, Stephen Smalley wrote:
> On Thu, 2006-04-20 at 14:38 -0400, Bill Nottingham wrote:
> Possibly stupid question:  Will files be created dynamically in these
> tmpfs mounts at runtime?  Do you expect them to follow the traditional
> inherit-from-parent-directory behavior you get from ext3?  

Sorry, not enough caffeine here.  They already do follow that behavior
(via inode_init_security hook call from tmpfs).  Only problem here is
getting the right label on the root directory inode in the first place,
which likely just requires allowing restorecon to fix it up, as is done
for /dev as well.  This does suggest however that a rootcontext= option
to mount would be helpful.

-- 
Stephen Smalley
National Security Agency

Follow-Ups:
- Re: problems with tmpfs and relabeling
  - From: Bill Nottingham

References:
- problems with tmpfs and relabeling
  - From: Bill Nottingham
- Re: problems with tmpfs and relabeling
  - From: Stephen Smalley
- Re: problems with tmpfs and relabeling
  - From: Bill Nottingham
- Re: problems with tmpfs and relabeling
  - From: Bill Nottingham
- Re: problems with tmpfs and relabeling
  - From: Stephen Smalley
- Re: problems with tmpfs and relabeling
  - From: Bill Nottingham
- Re: problems with tmpfs and relabeling
  - From: Stephen Smalley

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]