using tmpfs for /tmp and selinux

dragoran dragoran at feuerpokemon.de
Fri Mar 25 13:33:00 UTC 2005


Stephen Smalley wrote:

>On Thu, 2005-03-24 at 08:43 +0100, dragoran wrote:
>
>>doesn't seem to work:
>>Mar 24 08:35:28 chello062178124144 kernel: audit(1111649728.433:0): 
>>avc:  denied  { associate } for  pid=4574 exe=/usr/bin/gdm-binary 
>>name=.ICE-unix scontext=user_u:object_r:tmp_t 
>>tcontext=system_u:object_r:tmp_t tclass=filesystem
>>Mar 24 08:35:28 chello062178124144 kernel: audit(1111649728.433:0): 
>>avc:  denied  { associate } for  pid=4574 exe=/usr/bin/gdm-binary 
>>name=.X11-unix scontext=user_u:object_r:tmp_t 
>>tcontext=system_u:object_r:tmp_t tclass=filesystem
>>Mar 24 08:35:28 chello062178124144 kernel: audit(1111649728.433:0): 
>>avc:  denied  { associate } for  pid=4574 exe=/usr/bin/gdm-binary 
>>name=.X11-unix scontext=user_u:object_r:tmp_t 
>>tcontext=system_u:object_r:tmp_t tclass=filesystem
>>Mar 24 08:35:31 chello062178124144 kernel: audit(1111649731.447:0): 
>>avc:  denied  { associate } for  pid=5340 exe=/usr/X11R6/bin/Xorg 
>>name=.tX0-lock scontext=user_u:object_r:tmp_t 
>>tcontext=system_u:object_r:tmp_t tclass=filesystem
>
>Ah, yes - you would need policy changes as well, e.g.
>	allow tmpfile tmp_t:filesystem associate;
>
In which file should I add this?
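
An added example, not part of the original thread: a small Python parser that reads the four AVC denials quoted above (wrapped lines rejoined) and derives the type-level allow rule they imply. The function names are hypothetical; the output names `tmp_t` as the source because that is the type in the logged scontext, whereas the rule in the quoted reply uses `tmpfile`.

```python
import re
from collections import defaultdict

# The four AVC records quoted in this thread, with wrapped lines rejoined.
SAMPLE_LOG = """\
Mar 24 08:35:28 chello062178124144 kernel: audit(1111649728.433:0): avc:  denied  { associate } for  pid=4574 exe=/usr/bin/gdm-binary name=.ICE-unix scontext=user_u:object_r:tmp_t tcontext=system_u:object_r:tmp_t tclass=filesystem
Mar 24 08:35:28 chello062178124144 kernel: audit(1111649728.433:0): avc:  denied  { associate } for  pid=4574 exe=/usr/bin/gdm-binary name=.X11-unix scontext=user_u:object_r:tmp_t tcontext=system_u:object_r:tmp_t tclass=filesystem
Mar 24 08:35:28 chello062178124144 kernel: audit(1111649728.433:0): avc:  denied  { associate } for  pid=4574 exe=/usr/bin/gdm-binary name=.X11-unix scontext=user_u:object_r:tmp_t tcontext=system_u:object_r:tmp_t tclass=filesystem
Mar 24 08:35:31 chello062178124144 kernel: audit(1111649731.447:0): avc:  denied  { associate } for  pid=5340 exe=/usr/X11R6/bin/Xorg name=.tX0-lock scontext=user_u:object_r:tmp_t tcontext=system_u:object_r:tmp_t tclass=filesystem
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$")

def type_of(context):
    """Return the type field of a user:role:type[:level] security context."""
    parts = context.split(":")
    if len(parts) < 3:
        raise ValueError(f"malformed security context: {context!r}")
    return parts[2]

def parse_denials(log):
    """Yield (source_type, target_type, tclass, perms, name) for each AVC denial."""
    for line in log.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue
        fields = dict(kv.split("=", 1) for kv in m.group("fields").split() if "=" in kv)
        try:
            yield (type_of(fields["scontext"]), type_of(fields["tcontext"]),
                   fields["tclass"], m.group("perms").split(), fields.get("name"))
        except (KeyError, ValueError):
            continue  # skip truncated or malformed records

def allow_rules(log):
    """Merge denials by (source, target, class) and render one allow rule each."""
    merged = defaultdict(set)
    for src, tgt, cls, perms, _name in parse_denials(log):
        merged[(src, tgt, cls)].update(perms)
    rules = []
    for (src, tgt, cls), perms in sorted(merged.items()):
        p = sorted(perms)
        perm_str = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        rules.append(f"allow {src} {tgt}:{cls} {perm_str};")
    return rules

if __name__ == "__main__":
    print("\n".join(allow_rules(SAMPLE_LOG)))
```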



