Re: Setting context for shm created with shm_open()

On Tue, 2008-11-18 at 15:35 -0700, Scally, Katrina-P54861 wrote:
> Hello,
> 
> I am creating shared memory using shm_open() as opposed to using SysV
> IPC.  The shared memory is created as a mapped file under /dev/shm.
> The default type for this file is tmpfs_t.  I would like to define my
> own type, say my_tmpfs_t, and associate it with the file in /dev/shm.
> With the appropriate policy in place I can do this via chcon from the
> command line.  However, if I specify the context in the fc file it is
> not applied.  I performed a fixfiles relabel and it didn't appear as
> if it was looking in this directory.  Is this approach the best way to
> use SELinux with POSIX IPC?  Can I relabel files in /dev/shm?  The
> contents of my module are shown below:

You should use a type transition rule (file_type_auto_trans) to cause
files you create at runtime to get the right type upon creation.
The .fc files are for labeling of persistent files at install time and
for preserving the labels on such files across a relabel, but none of
that applies to shared memory objects.  fixfiles only labels persistent
filesystems that support attributes.

-- 
Stephen Smalley
National Security Agency

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
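
The type transition described in the reply, written out as a policy module. This is an added example, not part of the original thread or the poster's module. It uses the reference policy interface fs_tmpfs_filetrans rather than the file_type_auto_trans macro named in the reply, and my_app_t (the domain of the program that calls shm_open()) and the module name my_shm are assumptions; my_tmpfs_t is the type named in the question.

```selinux
policy_module(my_shm, 1.0.0)

# Assumption: my_app_t is the domain the shm_open() caller runs in.
# It is declared here only to keep the example self-contained; in a
# real policy it comes from the application's own module.
type my_app_t;
domain_type(my_app_t)

# Private type for the shared memory objects (name from the question).
# files_tmpfs_file() marks it as a file type that may live on tmpfs.
type my_tmpfs_t;
files_tmpfs_file(my_tmpfs_t)

# The type transition: a regular file that my_app_t creates in a
# directory labeled tmpfs_t (such as /dev/shm) is labeled my_tmpfs_t
# at creation time. The interface also grants the directory
# permissions needed to add the entry. The core rule it emits is:
#   type_transition my_app_t tmpfs_t:file my_tmpfs_t;
fs_tmpfs_filetrans(my_app_t, my_tmpfs_t, file)

# Let the domain create, read, write and unlink its own objects.
# Without this the transition applies but the create is denied.
manage_files_pattern(my_app_t, my_tmpfs_t, my_tmpfs_t)

# On kernels that have the separate "map" file permission, mmap() of
# the object needs it as well.
allow my_app_t my_tmpfs_t:file map;

# No .fc entry is needed for /dev/shm: the label is assigned when the
# object is created, not by a relabel.
```

After the module is loaded and the program has created its object, `ls -Z /dev/shm` should show my_tmpfs_t on the new file, while objects created by other domains keep tmpfs_t.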
