Re: using tmpfs for /tmp and selinux

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Thu, 2005-03-24 at 08:43 +0100, dragoran wrote:
> doesn't seem to work:
> Mar 24 08:35:28 chello062178124144 kernel: audit(1111649728.433:0): 
> avc:  denied  { associate } for  pid=4574 exe=/usr/bin/gdm-binary 
> name=.ICE-unix scontext=user_u:object_r:tmp_t 
> tcontext=system_u:object_r:tmp_t tclass=filesystem
> Mar 24 08:35:28 chello062178124144 kernel: audit(1111649728.433:0): 
> avc:  denied  { associate } for  pid=4574 exe=/usr/bin/gdm-binary 
> name=.X11-unix scontext=user_u:object_r:tmp_t 
> tcontext=system_u:object_r:tmp_t tclass=filesystem
> Mar 24 08:35:28 chello062178124144 kernel: audit(1111649728.433:0): 
> avc:  denied  { associate } for  pid=4574 exe=/usr/bin/gdm-binary 
> name=.X11-unix scontext=user_u:object_r:tmp_t 
> tcontext=system_u:object_r:tmp_t tclass=filesystem
> Mar 24 08:35:31 chello062178124144 kernel: audit(1111649731.447:0): 
> avc:  denied  { associate } for  pid=5340 exe=/usr/X11R6/bin/Xorg 
> name=.tX0-lock scontext=user_u:object_r:tmp_t 
> tcontext=system_u:object_r:tmp_t tclass=filesystem

Ah, yes - you would need policy changes as well, e.g.
	allow tmpfile tmp_t:filesystem associate;

-- 
Stephen Smalley <sds@xxxxxxxxxxxxx>
National Security Agency
[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux