On Mon, 28 Mar 2005 09:01:19 EST, Stephen Smalley said:
> On Sat, 2005-03-26 at 10:09 +0100, dragoran wrote:
> > it still does not work with the restorecon /tmp line and the policy
> > changes....
> > same avcs...
> Hmmm...Dan reported it working for him with just those two changes.
> That was on a FC4/devel system with strict policy, but I'd expect it to
> work fine under FC3 and targeted policy too. Are you sure that you
> added 'allow tmpfile tmpfs_t:filesystem associate;' to your policy and
> rebuilt it and installed it? What are the specific avcs that you see?

Just a confirmation - this is a 'works for me' on a Fedora -devel system
synced up to yesterday's tree - the policy change was in the RPM already,
had to make the one-line hack to add the restorecon to rc.sysinit.
Am running fine with /tmp on a tmpfs - so now /tmp gets auto-cleaned at
each reboot (it's a laptop, so that's a fairly frequent occurrence - somehow,
"suspend" just doesn't do it for me). Now if I were really paranoid,
I'd enable encrypted swap... :)