Hello,
I am creating shared memory using shm_open() as opposed to using SysV IPC. The shared memory is created as a mapped file under /dev/shm. The default type for this file is tmpfs_t. I would like to define my own type, say my_tmpfs_t, and associate it with the file in /dev/shm. With the appropriate policy in place I can do this via chcon from the command line. However, if I specify the context in the fc file it is not applied. I performed a fixfiles relabel and it didn't appear as if it was looking in this directory. Is this approach the best way to use SELinux with POSIX IPC? Can I relabel files in /dev/shm? The contents of my module are shown below:
* * * .if * * *
* * * .te * * *
type my_tmpfs_t;
files_type(my_tmpfs_t)
* * * .fc * * *
/dev/shm/my_data -- gen_context(system_u:object_r:my_tmpfs_t, s0)
Thank you.
This email message is for the sole use of the intended recipient(s) and may contain GDC4S confidential or privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not an intended recipient, please contact the sender by reply email and destroy all copies of the original message.
-- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
