On Mon, 2004-07-05 at 21:50, Ivan Gyurdiev wrote:
> What's the situation with tmpfs? I have /tmp on tmpfs and I get lots of
> denials. Tmpfs doesn't seem to support xattrs, however..
>
> SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
> SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
> SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
>
> Is /tmp on tmpfs something that should work, or is this not supported?
> What about /dev on tmpfs (or /udev)?

tmpfs lacks a fake xattr handler at present, unlike devpts, so userspace
cannot get or set contexts on tmpfs. However, transition SIDs should be
fine for tmp file creation in most cases, but this requires policy
changes, and introduces a problem if you want to be able to distinguish
the tmpfs mount used for shared memory from your /tmp tmpfs mount. You
can use the context= mount option to assign a single context for a given
mount and override the default behavior, but that doesn't really help
here.

-- 
Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency
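As an added example (not part of the original thread or of the SELinux project's code), here is a small POSIX shell check that reads a /proc/self/mounts-style listing and reports, for a given mount point, which of the labeling situations the reply describes applies: a single fixed label set with the context= mount option, per-file labels stored in xattrs (assumed here to be reported by the kernel as the seclabel mount option, which newer kernels than the 2004 one in the thread do), or neither, in which case the kernel falls back to its default labeling behaviour for that filesystem type (transition SIDs for tmpfs, per the thread). The sample mounts table, the quoting of the context= value and the mount point names are constructed for the example.

```shell
#!/bin/sh
# labeling_mode MOUNTS_FILE MOUNT_POINT
#   Prints "context <ctx>" if the mount carries a context= option (every
#   file on the mount gets that one label), "xattr" if the mount advertises
#   the seclabel option (labels live in per-file security.selinux xattrs),
#   "default" if neither is present (the kernel uses its built-in behaviour
#   for that fs type; for tmpfs in the thread above, transition SIDs), or
#   "nomount" if the mount point is not in the table.
# The seclabel option name and the quoted context= form are assumptions
# about newer kernels; check your own /proc/self/mounts before relying on them.
labeling_mode() {
    mounts_file=$1
    mp=$2
    awk -v mp="$mp" '
        # /proc/self/mounts fields: source mountpoint fstype options dump pass
        $2 == mp {
            n = split($4, opts, ",")
            mode = "default"
            for (i = 1; i <= n; i++) {
                if (opts[i] ~ /^context=/) {
                    sub(/^context=/, "", opts[i])
                    gsub(/"/, "", opts[i])   # kernel may show the value quoted
                    mode = "context " opts[i]
                    break
                }
                if (opts[i] == "seclabel") {
                    mode = "xattr"
                }
            }
            print mode
            found = 1
            exit
        }
        END { if (!found) print "nomount" }
    ' "$mounts_file"
}

# Constructed sample table in /proc/self/mounts format (not captured from a
# real system): a bare tmpfs on /tmp, an xattr-labelled tmpfs on /dev/shm,
# and a tmpfs mounted with a fixed context= override.
SAMPLE_MOUNTS=$(mktemp)
trap 'rm -f "$SAMPLE_MOUNTS"' EXIT
cat > "$SAMPLE_MOUNTS" <<'EOF'
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev,seclabel 0 0
tmpfs /run tmpfs rw,nosuid,nodev,context="system_u:object_r:var_run_t:s0" 0 0
EOF

# Stand-alone run: report each sample mount point.
# On a live system use: labeling_mode /proc/self/mounts /tmp
for mp in /tmp /dev/shm /run; do
    printf '%s: %s\n' "$mp" "$(labeling_mode "$SAMPLE_MOUNTS" "$mp")"
done
```

The context= override the reply mentions is applied at mount time, e.g. `mount -t tmpfs -o context=system_u:object_r:tmp_t tmpfs /tmp` (the type name is illustrative); after that, the check above reports `context system_u:object_r:tmp_t` for /tmp, which is exactly the "single context for a given mount" behaviour, and why it cannot tell apart files that policy would otherwise have labelled differently.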