
RE: file_type_auto_trans is not sufficient


On Tue, 2005-05-31 at 13:39 -0400, Stephen Smalley wrote:
> On Tue, 2005-05-31 at 13:37 -0400, Ivan Gyurdiev wrote:
> > > BTW, what will per-user /tmp directories do to these conventions
> > > anyway, even aside from any possible SELinux-related change?
> > 
> > What's the question again?
> 
> If Fedora implements private tmp directories (regardless of approach,
> whether using namespaces and bind mounts ala polyinstantiated
> directories or using the simple profile script suggested on fedora-
> devel-list), then creating $TMPDIR/gconfd-$USER becomes rather silly, as
> $TMPDIR becomes per-user anyway.

That's true... but something still needs to create those directories
(with or without the USER in it). If they're not created ahead of time
then you run into transition ambiguity. 

I suppose they could be created ahead of time:

- on-boot script for creating those "common-root" directories in /tmp,
based on what applications are currently installed (...need apps to 
put folders in this "tmpskel")

- applications could add /home/.* folders for users that already
exist when installed, and at the same time install their folder in /skel
to deal with future users. All of this seems rather fragile though.

- files: move into directories to eliminate the problem.
 

