/tmp on tmpfs with selinux enabled

Aleksandar Milivojevic amilivojevic at pbl.ca
Fri May 6 16:34:25 UTC 2005


Daniel J Walsh wrote:
> Aleksandar Milivojevic wrote:
> 
>> I'm still discovering SELinux stuff, and I ran into a small problem with 
>> default targeted policy and /tmp directory.  So I thought about saving 
>> a bit of my time, and wasting a bit of everybody else's time ;-).  Hm, 
>> OK, maybe I shouldn't be making jokes like that...  Anyhow:
>>
>> Basically, I have /tmp mounted on a small tmpfs file system (to keep it 
>> separate from the root partition, without the need for allocating dedicated 
>> disc space for it).  Now, the root directory of anything mounted as tmpfs 
>> will be labeled as tmpfs_t by SELinux (for example, see the output of ls 
>> -Zd /dev/shm, which is by default mounted as tmpfs on Fedora and RHEL).

> This was previously discussed in the fedora-selinux list.  Look for a 
> subject of "using tmpfs for /tmp and selinux"
> 
> If you add the context mount to your fstab entry, it should work
> context=system_u:object_r:tmp_t
> 
> Something like
> 
> none                    /tmp                    tmpfs   defaults,context=system_u:object_r:tmp_t 0 0

Many thanks for the pointer to that thread on fedora-selinux list.  It 
was extremely helpful.  At the end, I implemented the same changes as 
present in updated packages from rawhide (as described in the thread). 
Seems to be working...

-- 
Aleksandar Milivojevic <amilivojevic at pbl.ca>    Pollard Banknote Limited
Systems Administrator                           1499 Buffalo Place
Tel: (204) 474-2323 ext 276                     Winnipeg, MB  R3T 1L7
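
An added example, not part of the original thread: a shell function that audits fstab-format text for a tmpfs /tmp entry and reports whether it carries the context= option suggested in the quoted reply. The function name, its exit codes and the "before" sample line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: audit fstab-format text for a tmpfs /tmp
# entry and check that it carries the context= mount option with type tmp_t.

# check_tmp_context [FILE]  (hypothetical helper; reads stdin when FILE is omitted)
# Exit status: 0 = type is tmp_t, 1 = missing or different, 2 = no tmpfs /tmp entry.
check_tmp_context() {
    awk '
        BEGIN { found = 0; bad = 0 }
        /^[ \t]*#/ || /^[ \t]*$/ { next }           # skip comments and blank lines
        $2 == "/tmp" && $3 == "tmpfs" {
            found = 1
            ctx = ""
            n = split($4, opts, ",")                # field 4 holds the mount options
            for (i = 1; i <= n; i++)
                if (opts[i] ~ /^context=/) ctx = substr(opts[i], 9)
            gsub(/"/, "", ctx)                      # fstab allows a quoted context
            if (ctx == "") {
                print "MISSING: no context= option, mount root will be tmpfs_t"
                bad = 1
                next
            }
            split(ctx, part, ":")                   # user:role:type[:level]
            if (part[3] == "tmp_t") {
                print "OK: /tmp context type tmp_t"
            } else {
                print "MISMATCH: /tmp context type " part[3]
                bad = 1
            }
        }
        END { if (!found) exit 2; exit bad }
    ' "$@"
}

# Constructed sample lines: a plain tmpfs entry, then the entry from the reply.
before='none /tmp tmpfs defaults 0 0'
after='none /tmp tmpfs defaults,context=system_u:object_r:tmp_t 0 0'

printf '%s\n' "$before" | check_tmp_context || echo "exit status $?"
printf '%s\n' "$after"  | check_tmp_context || echo "exit status $?"
```

On a live system, check_tmp_context /etc/fstab covers the configuration and ls -Zd /tmp shows the label actually applied after mounting.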



