On Tue, 2006-04-18 at 16:42 -0400, Bill Nottingham wrote: > > Considering this is scratch space that will be used just like > > the 'stock' filesystem for various things (/var, /etc state > > files, etc.), this seems to be the right solution. I'll try > > this. > > So, this doesn't work for me... the initial mount of the tmpfs > fails (with no avc). Subsequent mounts succeed, but, well, at that point > you're screwed. Any other messages in /var/log/messages from SELinux (not just avc)? e.g. SELinux: security_context_to_sid(xxx) failed ... It may be necessary to add allow rules to enable the fscontext= mount to succeed, although I would have expected that to generate an avc denial if that were the issue (unless suppressed by a dontaudit, but that seems wrong). You would need to allow <processdomain> <originalfstype>:filesystem relabelfrom; allow <processdomain> <newfstype>:filesystem relabelto; Dan? -- Stephen Smalley National Security Agency -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
