Stephen Smalley (sds@xxxxxxxxxxxxx) said:
> > However, relabeling the files then fails - for each type that I'm
> > putting on tmpfs, I need to add:
> >
> > allow <type> tmpfs_t:filesystem associate;
> >
> > before relabelling works.
> >
> > This seems strange - is this something that should be fixed in
> > the stock policy, or should I just carry this in my own module?
>
> One option is to use a fscontext= mount option to change the security
> context associated with the filesystem/superblock object to match your
> usage, e.g. making it fs_t like a conventional filesystem rather than
> tmpfs_t. e.g.
> mount -o fscontext=system_u:object_r:fs_t:s0 ...

Considering this is scratch space that will be used just like the 'stock'
filesystem for various things (/var, /etc state files, etc.), this seems
to be the right solution. I'll try this.

Bill

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
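
Added example, not part of the original thread: a small shell check that lists each tmpfs mount in a /proc/mounts-format table together with its fscontext= option, so mounts still lacking the option discussed above can be spotted. The function names and the sample mount lines are constructed for illustration; it assumes the kernel reports fscontext= among the mount options and that the context contains no commas.

```shell
#!/bin/sh
# Added example (not from the thread). Reads a mount table in /proc/mounts
# format on stdin: device mountpoint fstype options dump pass.

# tmpfs_fscontext: print "<mountpoint> <fscontext value or UNSET>" for every
# tmpfs entry. Assumption: the context has no commas (a context with an MLS
# category list is quoted in /proc/mounts and is not handled here).
tmpfs_fscontext() {
    awk '$3 == "tmpfs" {
        ctx = "UNSET"
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++)
            if (opt[i] ~ /^fscontext=/)
                ctx = substr(opt[i], length("fscontext=") + 1)
        print $2, ctx
    }'
}

# tmpfs_unset: print only the tmpfs mountpoints that carry no fscontext=
# option, i.e. the case where the per-type "associate" rule from the thread
# was needed before relabeling worked.
tmpfs_unset() {
    tmpfs_fscontext | awk '$2 == "UNSET" { print $1 }'
}

# Constructed sample input; /var/scratch is a hypothetical mountpoint.
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,seclabel,relatime 0 0
tmpfs /dev/shm tmpfs rw,seclabel,nosuid,nodev 0 0
tmpfs /var/scratch tmpfs rw,seclabel,relatime,fscontext=system_u:object_r:fs_t:s0 0 0
EOF
}

# Demo on the constructed sample; on a live system use: tmpfs_fscontext < /proc/mounts
sample_mounts | tmpfs_fscontext
```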