Re: /tmp on tmpfs with selinux enabled

• Previous message: Charles Li: "how to autostart esd"
• In reply to: Daniel J Walsh: "Re: /tmp on tmpfs with selinux enabled"
• Next in thread: Rahul Sundaram: "Re: /tmp on tmpfs with selinux enabled"
• Reply: Rahul Sundaram: "Re: /tmp on tmpfs with selinux enabled"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: Fri, 06 May 2005 11:34:25 -0500
To: For users of Fedora Core releases <fedora-list@redhat.com>

Daniel J Walsh wrote:
> Aleksandar Milivojevic wrote:
>
>> I'm still discovering SELinux stuff, and I ran into small problem with
>> default targeted policy and /tmp directory. So I tought about saving
>> a bit of my time, and wasting a bit of everybody else's time ;-). Hm,
>> OK, maybe I shouldn't be making jokes like that... Anyhow:
>>
>> Basically, I have /tmp mounted on small tmpfs file system (to keep it
>> separate from root partition, without need for allocating dedicated
>> disc space for it). Now, root directory of anything mounted as tmpfs
>> will be labeled as tmpfs_t by SELinux (for example, see output of ls
>> -Zd /dev/shm, which is by default mounted as tmpfs on Fedora and RHEL).

> THis was previously discussed in the fedora-selinux list. Look for a
> subject of "using tmpfs for /tmp and selinux"
>
> If you add the context mount to your fstab entry, it should work
> context=system_u:object_r:tmp_t
>
> Something like
>
> none /tmp tmpfs
> defaults,context=system_u:object_r:tmp_t 0 0

Many thanks for the pointer to that thread on fedora-selinux list. It
was extremely helpfull. At the end, I implemented the same changes as
present in updated packages from rawhide (as described in the thread).
Seems to be working...

-- 
Aleksandar Milivojevic <amilivojevic@pbl.ca>    Pollard Banknote Limited
Systems Administrator                           1499 Buffalo Place
Tel: (204) 474-2323 ext 276                     Winnipeg, MB  R3T 1L7
-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list

• Previous message: Charles Li: "how to autostart esd"
• In reply to: Daniel J Walsh: "Re: /tmp on tmpfs with selinux enabled"
• Next in thread: Rahul Sundaram: "Re: /tmp on tmpfs with selinux enabled"
• Reply: Rahul Sundaram: "Re: /tmp on tmpfs with selinux enabled"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Relevant Pages Re: [SLE] Partitioning advice ... The question is: which Linux partitions should ... In business Unix environments, ... this is frequently separate for backup reasons and because certain DOS ... and you may want to allocate a small root partition. ... (SuSE) Re: Running with a readonly root partition ... root partition, ... are located in separate, writable partitions. ... files or binaries in /etc and /usr (which may still ... (freebsd-questions) Re: Upgrading many kernels---- ... connecting and upgrading them periodically. ... because of lack of space in the root partition. ... is whatever the rest of the name of the kernel you want to ... Exactly why you have a separate /boot partition is very obscure to me ... (comp.os.linux.misc)