From: Luke Kenneth Casson Leighton <lkcl@lkcl.net>
To: Stephen Smalley <sds@tycho.nsa.gov>
Cc: Daniel J Walsh <dwalsh@redhat.com>,
SELinux <SELinux@tycho.nsa.gov>,
James Morris <jmorris@redhat.com>,
Russell Coker <russell@coker.com.au>
Subject: Re: I would like to propose some kind of consolidation of tmpfs_t and tmp_t
Date: Thu, 24 Mar 2005 22:11:08 +0000 [thread overview]
Message-ID: <20050324221107.GD8553@lkcl.net> (raw)
In-Reply-To: <1111685458.13486.61.camel@moss-spartans.epoch.ncsc.mil>
On Thu, Mar 24, 2005 at 12:30:58PM -0500, Stephen Smalley wrote:
> On Thu, 2005-03-24 at 09:37 -0500, Stephen Smalley wrote:
> > For /tmp, a fscontext= mount seems to have an issue in that it is still
> > using type transitions for labeling inodes (including the root), so we
> > end up with mount_tmp_t on /tmp at least under strict policy. Possibly
> > we could/should change the way that works for the root inode.
>
> Possible workaround - mount with fscontext=, then run restorecon /tmp
> (not recursively, just on the top-level directory) from rc.sysinit.
i found that i had to do this for /dev on debian, when running udev.
bearing in mind that udev on debian is NOT started from the
initrd like wot it is in fedora, it's started from /etc/init.d
very early on (priority 2 or 3).
l.
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
prev parent reply other threads:[~2005-03-24 22:11 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-03-24 14:12 I would like to propose some kind of consolidation of tmpfs_t and tmp_t Daniel J Walsh
2005-03-24 14:37 ` Stephen Smalley
2005-03-24 14:44 ` Stephen Smalley
2005-03-24 17:30 ` Stephen Smalley
2005-03-24 20:06 ` Daniel J Walsh
2005-03-25 13:32 ` Stephen Smalley
2005-03-25 14:46 ` Daniel J Walsh
2005-03-24 22:11 ` Luke Kenneth Casson Leighton [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20050324221107.GD8553@lkcl.net \
--to=lkcl@lkcl.net \
--cc=SELinux@tycho.nsa.gov \
--cc=dwalsh@redhat.com \
--cc=jmorris@redhat.com \
--cc=russell@coker.com.au \
--cc=sds@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.