On Wed, 2005-03-23 at 13:11 +0100, dragoran wrote:
> Is it possible to use tmpfs for /tmp with selinux (targeted) ...
> I tried but got many avcs (tmp_t becomes tmpfs_t) for all files in /tmp

You could try mounting with the context= option, e.g. context=system_u:object_r:tmp_t. This will force the superblock and root directory to tmp_t, and then files created in it should pick up the usual type transitions by default (e.g. mysqld_tmp_t).

However, at present, using this option disables the use of getxattr/setxattr and setfscreatecon on the filesystem, so note that ls -Z and similar programs will no longer be able to get or set contexts on /tmp.

Note to James: Possibly we should reconsider the disabling of getxattr/setxattr and setfscreatecon for mountpoint labeling for pseudo filesystems like tmpfs, since we are just dealing with an incore inode SID and there is no persistent storage, so there is no inconsistency.

--
Stephen Smalley <sds@xxxxxxxxxxxxx>
National Security Agency
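The following check is an added example, not part of the original message: it reads mount-table lines in /proc/mounts format and reports whether a tmpfs mount carries the context= option suggested above. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Mounting as suggested in the message (shown as a comment, needs root):
#   mount -t tmpfs -o context=system_u:object_r:tmp_t tmpfs /tmp

# Constructed sample in /proc/mounts format (not captured from a real host).
SAMPLE_MOUNTS='/dev/hda1 / ext3 rw 0 0
tmpfs /dev/shm tmpfs rw 0 0
tmpfs /tmp tmpfs rw,context=system_u:object_r:tmp_t 0 0'

# tmpfs_context MOUNTPOINT  (hypothetical helper; mount table on stdin)
# Prints the context= value of the last tmpfs mounted at MOUNTPOINT.
# Exit 0: context= present; 1: tmpfs without context=; 2: no tmpfs there.
# Limitation: contexts that themselves contain commas are not handled.
tmpfs_context() {
    awk -v mp="$1" '
        $2 == mp && $3 == "tmpfs" {
            found = 1; ctx = ""
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++)
                # Anchored match, so fscontext=/defcontext= are ignored.
                if (opt[i] ~ /^context=/) {
                    ctx = substr(opt[i], 9)
                    gsub(/"/, "", ctx)
                }
        }
        END {
            if (!found) exit 2
            if (ctx == "") exit 1
            print ctx
        }'
}

# report MOUNTPOINT: human-readable verdict, mount table on stdin.
report() {
    rc=0
    ctx=$(tmpfs_context "$1") || rc=$?
    case $rc in
        0) echo "$1: tmpfs labeled by mount option as $ctx" ;;
        1) echo "$1: tmpfs without context=, files get the default tmpfs_t" ;;
        *) echo "$1: no tmpfs mounted here" ;;
    esac
}

for mp in /tmp /dev/shm /mnt; do
    printf '%s\n' "$SAMPLE_MOUNTS" | report "$mp"
done
```

On a live system, feed the real table instead of the sample: `report /tmp < /proc/mounts`.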