/tmp on tmpfs with selinux enabled
Aleksandar Milivojevic
amilivojevic at pbl.ca
Fri May 6 16:34:25 UTC 2005
Daniel J Walsh wrote:
> Aleksandar Milivojevic wrote:
>
>> I'm still discovering SELinux stuff, and I ran into a small problem with
>> default targeted policy and /tmp directory. So I thought about saving
>> a bit of my time, and wasting a bit of everybody else's time ;-). Hm,
>> OK, maybe I shouldn't be making jokes like that... Anyhow:
>>
>> Basically, I have /tmp mounted on small tmpfs file system (to keep it
>> separate from root partition, without need for allocating dedicated
>> disc space for it). Now, root directory of anything mounted as tmpfs
>> will be labeled as tmpfs_t by SELinux (for example, see output of ls
>> -Zd /dev/shm, which is by default mounted as tmpfs on Fedora and RHEL).
> This was previously discussed in the fedora-selinux list. Look for a
> subject of "using tmpfs for /tmp and selinux".
>
> If you add the context mount to your fstab entry, it should work
> context=system_u:object_r:tmp_t
>
> Something like
>
> none /tmp tmpfs defaults,context=system_u:object_r:tmp_t 0 0
Many thanks for the pointer to that thread on fedora-selinux list. It
was extremely helpful. At the end, I implemented the same changes as
present in updated packages from rawhide (as described in the thread).
Seems to be working...
--
Aleksandar Milivojevic <amilivojevic at pbl.ca> Pollard Banknote Limited
Systems Administrator 1499 Buffalo Place
Tel: (204) 474-2323 ext 276 Winnipeg, MB R3T 1L7
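
The fstab fix quoted above, as an added check that is not part of the original thread: a small shell function that reads fstab-format text and reports whether a tmpfs mount on /tmp carries a `context=` option whose type is `tmp_t`. The function name `audit_tmp_fstab`, its output strings and the sample fstab lines are assumptions made up for this example.

```shell
#!/bin/sh
# Added example, not code from the thread.
# Reads fstab-format text on stdin and prints one of:
#   ok:<context>          tmpfs /tmp entry with a context= whose type is tmp_t
#   wrong-type:<context>  context= present but its type is not tmp_t
#   missing-context       tmpfs /tmp entry without context= (root dir gets tmpfs_t)
#   no-tmpfs-tmp          no tmpfs entry for /tmp at all
# Assumption: the context value contains no commas (no MLS category lists).
audit_tmp_fstab() {
    awk '
        NF < 4 || $1 ~ /^#/ { next }          # skip comments and short lines
        $2 == "/tmp" && $3 == "tmpfs" {
            found = 1
            ctx = ""
            n = split($4, opts, ",")           # fourth field: mount options
            for (i = 1; i <= n; i++)
                if (opts[i] ~ /^context=/) {
                    ctx = substr(opts[i], 9)   # text after "context="
                    gsub(/"/, "", ctx)         # fstab allows a quoted value
                }
            if (ctx == "") { print "missing-context"; exit }
            split(ctx, f, ":")                 # user:role:type[:level]
            if (f[3] == "tmp_t") print "ok:" ctx
            else                 print "wrong-type:" ctx
            exit
        }
        END { if (!found) print "no-tmpfs-tmp" }
    '
}

# Constructed sample input: the entry without the context option.
audit_tmp_fstab <<'EOF'
# /etc/fstab (constructed sample)
/dev/sda1  /     ext3   defaults  1 1
none       /tmp  tmpfs  defaults  0 0
EOF
```

On a real system, run it as `audit_tmp_fstab < /etc/fstab`; after remounting, `ls -Zd /tmp` shows the label actually applied to the mount's root directory.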