On Fri, 2005-03-25 at 15:15 +0100, dragoran wrote:
> does this mean that adding restorecon /tmp in rc.sysinit would solve my
> problem?
> I am using selinux-policy-targeted-1.17.30-2.90 is
>
> allow tmpfile tmpfs_t:filesystem associate;
>
> already done in this policy? or do I have to add it myself? I have policy
> sources installed but I don't know in which file I should add this line
> before rebuilding the policy.

It is in the rawhide policy, doesn't appear to be in the latest policy
for FC3 yet. You can temporarily put it in
/etc/selinux/targeted/src/policy/domains/misc/local.te and reload your
policy for now. The diff Dan proposed for rc.sysinit on selinux list is
below.

-- 
Stephen Smalley <sds@xxxxxxxxxxxxx>
National Security Agency

--- initscripts-8.05/rc.d/rc.sysinit~ 2005-03-24 15:02:51.000000000 -0500 +++ initscripts-8.05/rc.d/rc.sysinit 2005-03-24 15:03:11.000000000 -0500 @@ -593,6 +593,7 @@ fi # Clean up various /tmp bits +restorecon /tmp rm -f /tmp/.X*-lock /tmp/.lock.* /tmp/.gdm_socket /tmp/.s.PGSQL.* rm -rf /tmp/.X*-unix /tmp/.ICE-unix /tmp/.font-unix /tmp/hsperfdata_* \ /tmp/kde-* /tmp/ksocket-* /tmp/mc-* /tmp/mcop-* /tmp/orbit-* \
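
Review bot: The added `restorecon /tmp` line runs unconditionally and by bare name, directly under the existing "# Clean up various /tmp bits" comment, so on a system where SELinux is disabled or the binary is not present it will print an error on every boot, and nothing in the hunk says why the relabel is needed. Consider guarding it, for example `[ -x /sbin/restorecon ] && /sbin/restorecon /tmp`, and giving it its own one-line comment stating that it resets the label on the /tmp directory itself (the call is non-recursive) before the cleanup that follows. Because the relabel is placed ahead of the `rm` lines, files already in /tmp keep whatever label they had; if that is intended, the comment should say so.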