Re: polyinstantiation of the /tmp dir

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 2008-05-14 at 16:11 -0700, Clarkson, Mike R (US SSA) wrote:
> I'm having a problem setting up polyinstantiation for the /tmp dir. I'm
> using RHEL5.1 and I've set it up to create instance directories under
> the /tmp-inst directory based on level when using newrole. It works, but
> the instance directory has ownership/permissions (dac permissions) set
> so that the user can not write to the polyinstantiated directory
> 
> #ls -l /tmp-inst/
> total 24
> drwxr-xr-x 2 root root 4096 May 14 20:17
> system_u:object_r:tmp_t:s0-s4:c0.c255_clarkson
> drwxr-xr-x 2 root root 4096 May 14 18:40
> system_u:object_r:tmp_t:s4:c0.c255_clarkson
> 
> Either the directories need to be created with the user as the owner
> (clarkson in this case), or the permissions need to be 777.
> 
> I've set this up before on other boxes and had it work. Not sure what
> the difference is now. Any ideas?

Remove the instances and add debug option to the pam_namespace.so. Do
you see anything suspicious in /var/log/secure? Also what ls -ld /tmp
says? The permissions should be copied from the polydir.

-- 
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux