RE: file_type_auto_trans is not sufficient
On Tue, 2005-05-31 at 12:48 -0400, Ivan Gyurdiev wrote:
> I am not following this - can you give an example.
>
> Say you have an application such as gconf, which stores its data
> in /tmp/gconfd-$USER (so it needs to be able to create that).
> GConf is linked to libORBit2, hence it needs to be able to
> create /tmp/orbit-$USER.
>
> Running gconfd in an individual domain is possible (and that's exactly
> what I've done). Running orbit in its domain does not work (at least not
> without a dynamic transition), because it's library code.
>
> Are you saying that either gconfd or orbit need to move their files
> outside their designated directory and into /tmp?
Problem is that they both want to create directly in /tmp. It would be
preferable if they had a dedicated subtree, e.g. /tmp/gconfd
and /tmp/orbit, with all per-user subdirectories underneath, so that the
top-level directory could be typed separately and set up a priori (at
boot if truly under /tmp, as they might otherwise have been deleted).
BTW, what will per-user /tmp directories do to these conventions
anyway, even aside from any possible SELinux-related change?
--
Stephen Smalley
National Security Agency
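
The labeling problem discussed in this message, as an added example that is not part of the original post or of any SELinux policy. It assumes a file type transition is keyed only on (creating domain, parent directory type, object class) and that an object with no matching rule inherits its parent directory's type; all type names and the user name `alice` are hypothetical.

```python
# Model of file type transitions keyed on
# (creating domain, parent directory type, object class).
# Type names and paths are hypothetical, constructed for this example.

def new_object_type(rules, domain, parent_type, obj_class):
    """Type of a newly created object: the matching transition rule,
    otherwise the parent directory's type is inherited."""
    return rules.get((domain, parent_type, obj_class), parent_type)

def label_tree(rules, fs, domain, creations):
    """Apply creations (parent_path, name, class) in order; fs maps path -> type."""
    fs = dict(fs)
    for parent, name, obj_class in creations:
        path = parent.rstrip("/") + "/" + name
        fs[path] = new_object_type(rules, domain, fs[parent], obj_class)
    return fs

def flat_layout():
    # gconfd's own code and libORBit2 run in the same process and domain and
    # both create directly in /tmp: one key, so only one result type exists.
    rules = {("gconfd_t", "tmp_t", "dir"): "gconfd_tmp_t"}
    fs = {"/tmp": "tmp_t"}
    return label_tree(rules, fs, "gconfd_t", [
        ("/tmp", "gconfd-alice", "dir"),
        ("/tmp", "orbit-alice", "dir"),
    ])

def subtree_layout():
    # Top-level directories are created and labelled a priori (e.g. at boot);
    # per-user directories underneath inherit the parent type, no rule needed.
    fs = {"/tmp": "tmp_t",
          "/tmp/gconfd": "gconfd_tmp_t",
          "/tmp/orbit": "orbit_tmp_t"}
    return label_tree({}, fs, "gconfd_t", [
        ("/tmp/gconfd", "alice", "dir"),
        ("/tmp/orbit", "alice", "dir"),
    ])

if __name__ == "__main__":
    for layout in (flat_layout, subtree_layout):
        print(layout.__name__)
        for path, ctx in sorted(layout().items()):
            print(f"  {path:22} {ctx}")
```

In the flat layout the ORBit directory ends up with the gconfd type because the rule cannot tell the two creations apart; in the subtree layout each per-user directory picks up the type of its pre-labelled parent.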
--
This message was distributed to subscribers of the selinux mailing list.