/tmp on tmpfs (was: Re: Summary/Minutes for today's FESCo meeting (2012-04-02))

David Quigley selinux at davequigley.com
Mon Apr 2 20:04:23 UTC 2012


On 04/02/2012 15:58, Richard W.M. Jones wrote:
> On Mon, Apr 02, 2012 at 08:32:56PM +0200, Miloslav Trmač wrote:
>> * #834 F18 Feature: /tmp on tmpfs -
>>   http://fedoraproject.org/wiki/Features/tmp-on-tmpfs  (mitr, 
>> 17:40:06)
>>   * AGREED: tmp-on-tmpfs is accepted (+5 -3)  (mitr, 18:12:52)
>
> Actually I think this is a good feature, but ...
>
> The feature page is wrong about "The user experience should barely
> change.  This is mostly a low-level change that has little visibility
> to the user."
>
> tmpfs is different in a number of important ways:
>
>  - it's very limited in space compared to a real disk
>
>  - it doesn't support O_DIRECT
>
>  - it doesn't support user extended attrs; and not very old kernels
>    didn't support any xattrs at all, meaning things like SELinux
>    labels don't work
>
> All this means it's going to need a bit more testing, since
> potentially any package that stores a file on /tmp should be tested
> and may need to be fixed.
>
> Rich.
>
> --
> Richard Jones, Virtualization Group, Red Hat 
> http://people.redhat.com/~rjones
> New in Fedora 11: Fedora Windows cross-compiler. Compile Windows
> programs, test, and build Windows installers. Over 70 libraries 
> supprt'd
> http://fedoraproject.org/wiki/MinGW 
> http://www.annexia.org/fedora_mingw


I really need to remember to send with the right user identity for this 
list.

<resend of my message since it's going to bounce>

That third part is not correct. tmpfs supports SELinux labels. If you 
mount a tmpfs filesystem you'll see it reports seclabel as one of the 
mount options. You can also just use chcon -t to set the type on any 
file you like. SELinux labels are stored in the security namespace which 
is separate from user extended attributes.

Dave
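
Added example, not part of the original message: a shell sketch that checks which tmpfs mounts report the `seclabel` option and shows that `security.selinux` and `user.*` attributes live in different xattr namespaces. The sample mount table and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in /proc/mounts format (not captured from a real host).
SAMPLE_MOUNTS='tmpfs /tmp tmpfs rw,seclabel,nosuid,nodev 0 0
tmpfs /run tmpfs rw,seclabel,nosuid,nodev,mode=755 0 0
/dev/sda1 / ext4 rw,seclabel,relatime 0 0
tmpfs /mnt/scratch tmpfs rw,relatime 0 0'

# Read /proc/mounts-format lines on stdin. For every tmpfs mount print
# "<mountpoint> seclabel" or "<mountpoint> no-seclabel".
# Options are compared as whole comma-separated tokens, not substrings.
tmpfs_seclabel_report() {
    awk '$3 == "tmpfs" {
        n = split($4, opts, ",")
        state = "no-seclabel"
        for (i = 1; i <= n; i++)
            if (opts[i] == "seclabel") state = "seclabel"
        print $2, state
    }'
}

# Classify an extended-attribute name by its namespace prefix.
# SELinux labels are stored as security.selinux, so a filesystem can
# support them without supporting user.* attributes at all.
xattr_namespace() {
    case "$1" in
        security.*) echo security ;;
        user.*)     echo user ;;
        trusted.*)  echo trusted ;;
        system.*)   echo system ;;
        *)          echo unknown ;;
    esac
}

# Demo on the constructed sample; on a live host use:
#   tmpfs_seclabel_report < /proc/mounts
printf '%s\n' "$SAMPLE_MOUNTS" | tmpfs_seclabel_report
xattr_namespace security.selinux
xattr_namespace user.comment
```

On an SELinux-enabled host, `ls -Z` on a file under the mount shows the label that the `seclabel` option indicates is supported.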

