Hello,
I am creating shared memory using shm_open() as opposed to using SysV
IPC. The shared memory is created as a mapped file under /dev/shm. The
default type for this file is tmpfs_t. I would like to define my own
type, say my_tmpfs_t, and associate it with the file in /dev/shm. With
the appropriate policy in place I can do this via chcon from the command
line. However, if I specify the context in the fc file it is not
applied. I performed a fixfiles relabel and it didn't appear as if it
was looking in this directory. Is this approach the best way to use
SELinux with POSIX IPC? Can I relabel files in /dev/shm? The contents
of my module are shown below:

* * * .if * * *

* * * .te * * *
type my_tmpfs_t;
files_type(my_tmpfs_t)

* * * .fc * * *
/dev/shm/my_data -- gen_context(system_u:object_r:my_tmpfs_t, s0)

Thank you.