
Advice needed designing packages for selinux



Hey folks!

Here's some architectural background on my application. I have two pieces: an agent and a library that links with an application. The library communicates with the agent via semaphores, message queues, and shared memory. The files corresponding to these IPC mechanisms had been stored in /tmp. But here's the rub. The agent could run in root space as a system-wide agent, but also in user space as a development and debugging tool. To facilitate this, each instance creates its own subdirectory to hold the IPC files. Since they'll need to clean this up when they're done, I'd set the sticky bit on the directory.

So now, if I move the system queues to /var/lib as I should, I have to have the sticky bit set there, which is bad. Alternatively, if I leave it in the /tmp directory, I don't see how I can set the ACLs that selinux requires. The third option is to give any applications requiring access permissions so broad as to defeat the purpose of selinux. And the fourth is to disable selinux entirely, which is also not good.

Advice?

TIA,
Dave

