On Mon, 28 Mar 2005 09:01:19 EST, Stephen Smalley said:
> On Sat, 2005-03-26 at 10:09 +0100, dragoran wrote:
> > it still does not work with the restorecon /tmp line and the policy
> > changes....
> > same avcs...
>
> Hmmm...Dan reported it working for him with just those two changes.
> That was on a FC4/devel system with strict policy, but I'd expect it to
> work fine under FC3 and targeted policy too. Are you sure that you
> added 'allow tmpfile tmpfs_t:filesystem associate;' to your policy and
> rebuilt it and installed it? What are the specific avcs that you see?

Just a confirmation - this is a 'works for me' on a Fedora -devel system synced up to yesterday's tree - the policy change was in the RPM already, had to make the one-line hack to add the restorecon to rc.sysinit.

Am running fine with /tmp on a tmpfs - so now /tmp gets auto-cleaned at each reboot (it's a laptop, so that's a fairly frequent occurrence - somehow, "suspend" just doesn't do it for me).

Now if I were really paranoid, I'd enable encrypted swap... :)