On Wed, 2008-05-14 at 16:11 -0700, Clarkson, Mike R (US SSA) wrote:
> I'm having a problem setting up polyinstantiation for the /tmp dir. I'm
> using RHEL5.1 and I've set it up to create instance directories under
> the /tmp-inst directory based on level when using newrole. It works, but
> the instance directory has ownership/permissions (DAC permissions) set
> so that the user cannot write to the polyinstantiated directory.
>
> #ls -l /tmp-inst/
> total 24
> drwxr-xr-x 2 root root 4096 May 14 20:17 system_u:object_r:tmp_t:s0-s4:c0.c255_clarkson
> drwxr-xr-x 2 root root 4096 May 14 18:40 system_u:object_r:tmp_t:s4:c0.c255_clarkson
>
> Either the directories need to be created with the user as the owner
> (clarkson in this case), or the permissions need to be 777.
>
> I've set this up before on other boxes and had it work. Not sure what
> the difference is now. Any ideas?

Remove the instances and add the debug option to pam_namespace.so. Do you
see anything suspicious in /var/log/secure? Also, what does ls -ld /tmp say?
The permissions should be copied from the polydir.

-- 
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
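As an added check (not from either poster), the reply's expectation that pam_namespace copies the polydir's DAC mode onto each instance directory can be verified with a small POSIX shell function; it assumes GNU `stat -c '%a'` and builds a constructed polydir/instance layout under mktemp so it runs without touching the real /tmp-inst.

```shell
#!/bin/sh
# check_instance_modes POLYDIR INSTPARENT
# Compares the octal mode of every directory under INSTPARENT (the
# pam_namespace instance parent, e.g. /tmp-inst) with the mode of POLYDIR
# (the polyinstantiated directory, e.g. /tmp). Prints one MISMATCH line per
# instance whose mode differs. Returns 0 if all match, 1 on any mismatch,
# 2 if POLYDIR cannot be stat'ed. Assumes GNU stat.
check_instance_modes() {
    polydir=$1
    instparent=$2
    want=$(stat -c '%a' "$polydir") || return 2
    rc=0
    for inst in "$instparent"/*; do
        # an empty glob leaves the literal pattern behind; skip non-dirs
        [ -d "$inst" ] || continue
        have=$(stat -c '%a' "$inst")
        if [ "$have" != "$want" ]; then
            printf 'MISMATCH %s: mode %s, polydir %s has %s\n' \
                "$inst" "$have" "$polydir" "$want"
            rc=1
        fi
    done
    return $rc
}

# demo_layout: constructed sample (not a real system) mirroring the thread:
# a 1777 polydir, one instance created 755 as in the question, one copied
# correctly. Prints the created root so the caller can inspect or clean it.
demo_layout() {
    root=$(mktemp -d) || return 2
    mkdir -m 1777 "$root/tmp"
    mkdir "$root/tmp-inst"
    mkdir -m 755  "$root/tmp-inst/system_u:object_r:tmp_t:s0_user"
    mkdir -m 1777 "$root/tmp-inst/system_u:object_r:tmp_t:s4_user"
    printf '%s\n' "$root"
}

# Stand-alone run: expect one MISMATCH line for the 755 instance.
if [ -z "$CHECK_INSTANCE_MODES_NO_DEMO" ]; then
    demo=$(demo_layout)
    check_instance_modes "$demo/tmp" "$demo/tmp-inst" || echo "mismatches found"
    rm -rf "$demo"
fi
```

Run it against a live system as `check_instance_modes /tmp /tmp-inst` after sourcing the file with `CHECK_INSTANCE_MODES_NO_DEMO=1` set; any MISMATCH line is the symptom described in the question.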