Stephen Smalley wrote:
On Fri, 2005-03-25 at 14:33 +0100, dragoran wrote:does this mean that adding restorecon /tmp in rc.sysinit would solve my problem?
in which file should I add this?Ah, yes - you would need policy changes as well, e.g. allow tmpfile tmp_t:filesystem associate;
After further discussion on selinux list, it looks like Dan is going to take a different approach and not use a fscontext= or context= mount. Instead, he is just adding a 'restorecon /tmp' line to /etc/rc.d/rc.sysinit so that it will get relabeled to tmp_t at that time, and Dan recently added the following to the policy: allow tmpfile tmpfs_t:filesystem associate;
This is similar to how tmpfs mounts are being handled for /dev for use by udev.
I am using selinux-policy-targeted-1.17.30-2.90 is
allow tmpfile tmpfs_t:filesystem associate;
already done in this policy? or do I have to add it myself? I have policy sources installed but I don't know in which file I should add this line before rebuilding the policy.
