[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: problems with tmpfs and relabeling

From: Bill Nottingham <notting redhat com>
To: Stephen Smalley <sds tycho nsa gov>
Cc: James Morris <jmorris redhat com>, Daniel J Walsh <dwalsh redhat com>, fedora-selinux-list redhat com
Subject: Re: problems with tmpfs and relabeling
Date: Fri, 21 Apr 2006 12:54:18 -0400

Stephen Smalley (sds tycho nsa gov) said: 
> > > Do you expect them to follow the traditional
> > > inherit-from-parent-directory behavior you get from ext3?  
> > 
> > Yes.
> 
> Yes, and that's ok.  I think we just need to adjust policy to allow
> restorecon to fix the label on the root directory, and (on the separate
> issue of policy),

OK.

> we need a rw mount on /etc/selinux separate from the
> rest of root so that we can perform policy module operations.

I'm not as sure about this now that I understand how semodule
is supposed to work. If you're running a read-only system,
you shouldn't need to add or remove modules at runtime - that's
something you do when preparing the image to run read-only. That
only leaves listing modules, which I presume can be fixed to not
need write access?

Bill

Follow-Ups:
- Re: problems with tmpfs and relabeling
  - From: Stephen Smalley

References:
- problems with tmpfs and relabeling
  - From: Bill Nottingham
- Re: problems with tmpfs and relabeling
  - From: Stephen Smalley
- Re: problems with tmpfs and relabeling
  - From: Bill Nottingham
- Re: problems with tmpfs and relabeling
  - From: Bill Nottingham
- Re: problems with tmpfs and relabeling
  - From: Stephen Smalley
- Re: problems with tmpfs and relabeling
  - From: Bill Nottingham
- Re: problems with tmpfs and relabeling
  - From: Stephen Smalley
- Re: problems with tmpfs and relabeling
  - From: Bill Nottingham
- Re: problems with tmpfs and relabeling
  - From: Stephen Smalley

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]