> A) Build a custom SELinux policy, and maintain it as reference policy is
> updated, and debug all the issues yourself.

I just need a hint on how to create a system-wide policy, not just an application-level policy. Where can I find details on this?

> B) Bite the bullet, and repartition with a separate /tmp (which is a good
> idea even without SELinux, as it kills off a whole class of attacks using
> hardlinks from /tmp to places on the root partition).

It is not a technical problem to create a separate partition. But as I wrote in my first email, I just cannot do it, because there is no way in Linux to have system-wide quotas. Quotas are always only valid for one single partition. If I have quotas on the root partition (which includes /home) but /tmp is on a separate partition, then the quotas of / (and thus /home) don't apply to /tmp.

That is the only reason why I am having a look at SELinux. If you have any other idea for having the same quotas for /home and /tmp, while /tmp doesn't allow executing files but /home does, then please tell me.

Regards
Marten

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list