[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: file_type_auto_trans is not sufficient

To: Stephen Smalley <sds@xxxxxxxxxxxxx>
Subject: RE: file_type_auto_trans is not sufficient
From: Ivan Gyurdiev <ivg2@xxxxxxxxxxx>
Date: Tue, 31 May 2005 13:37:23 -0400
Cc: Karl MacMillan <kmacmillan@xxxxxxxxxx>, SELinux@xxxxxxxxxxxxx, dwalsh@xxxxxxxxxx
In-reply-to: <1117559223.28924.202.camel@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Organization: Red Hat Inc.
References: <200505311632.j4VGW95F032656@xxxxxxxxxxxxxxxxxxxxxxxxxx> <1117558114.4455.0.camel@xxxxxxxxxxxxxxxxxxxxxxxxxx> <1117559223.28924.202.camel@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Reply-to: ivg2@xxxxxxxxxxx
Sender: owner-selinux@xxxxxxxxxxxxx

> Problem is that they both want to create directly in /tmp.  It would be
> preferable if they had a dedicated subtree, e.g. /tmp/gconfd
> and /tmp/orbit, with all per-user subdirectories underneath, so that the
> top-level directory could be typed separately and set up a priori (at
> boot if truly under /tmp, as they might otherwise have been deleted).

So you're saying that the directories should be created ahead of time by
a startup script, and restorecon executed on them... something 
like tmpskel? Maybe that can be used for libICE, which I want to
label /tmp/.ICE-unix as ice_tmp_t.

What about /home, which has the same problem, but directories can't be
created ahead of time (adding to /skel doesn't work - if an application
is installed, the users created prior to installation have no folder).

What about file conflicts - then you can't create directories ahead of
time... 

> BTW, what will per-user /tmp directories due to these conventions
> anyway, even aside from any possible SELinux-related change?

What's the question again?


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.

Follow-Ups:
- RE: file_type_auto_trans is not sufficient
  - From: Stephen Smalley
- Re: file_type_auto_trans is not sufficient
  - From: Luke Kenneth Casson Leighton

References:
- RE: file_type_auto_trans is not sufficient
  - From: Karl MacMillan
- RE: file_type_auto_trans is not sufficient
  - From: Ivan Gyurdiev
- RE: file_type_auto_trans is not sufficient
  - From: Stephen Smalley

Prev by Date: Re: [Patch 1/3] Loadable policy module infrastructure
Next by Date: Updated Policy in Sourceforge CVS
Previous by thread: RE: file_type_auto_trans is not sufficient
Next by thread: RE: file_type_auto_trans is not sufficient
Index(es):
- Date
- Thread

This mailing list archive is a service of Copilot Consulting.