On 07/14/2010 02:19 PM, Lennart Poettering wrote:
> On Wed, 14.07.10 13:47, Daniel J Walsh (dwalsh@xxxxxxxxxx) wrote:
>
>>> Hardcoding foo_t is bad if they ever switch policy (MLS, etc.). But
>>> it is an option.
>>>
>>> Bill
>> Not sure this works, but this would be preferable.
>> ExecStartPre=-"/bin/mkdir -p /var/run/foo; restorecon /var/run/foo"
>
> Yes this would work, though in a different syntax:
>
> ExecStartPre=-/bin/mkdir -p /var/run/foo ; -/sbin/restorecon /var/run/foo
>
> (The initial - btw means that the exit code of the command is ignored)
>
>> But I can write policy to make the tools do apps do the right thing and
>> label the directory correctly, with no hard coding.
>>
>> myapp_t creating a directory in var_run_t will be labeled
>> myapp_var_run_t. I would just need to go through all the policy that
>> uses var_run_t directories and make sure it has this rule.
>
> Hmm, if you would be willing to do that, then it would be great to find
> somebody who fixed the .specs and makes a list of packages whose selinux
> policy needs fixing. Anyone? Rahul, you showed vague interest on IRC?
>
> Lennart
>

What is the big benefit of changing to tmpfs for /var/run?