On Fri, 2005-03-25 at 14:33 +0100, dragoran wrote:
> >Ah, yes - you would need policy changes as well, e.g.
> > allow tmpfile tmp_t:filesystem associate;
> >
>
> in which file should I add this?

After further discussion on selinux list, it looks like Dan is going to
take a different approach and not use a fscontext= or context= mount.
Instead, he is just adding a 'restorecon /tmp' line
to /etc/rc.d/rc.sysinit so that it will get relabeled to tmp_t at that
time, and Dan recently added the following to the policy:

    allow tmpfile tmpfs_t:filesystem associate;

This is similar to how tmpfs mounts are being handled for /dev for use
by udev.

-- 
Stephen Smalley <sds@xxxxxxxxxxxxx>
National Security Agency