Re: file_type_auto_trans is not sufficient

[Luke Kenneth Casson Leighton <lkcl@xxxxxxxx>]

On Tue, May 31, 2005 at 12:48:34PM -0400, Ivan Gyurdiev wrote:
> 
> > I know - that is why I am suggesting that each application could use multiple
> > directories. That means that orbit might put files into multiple directories
> > that were previously created, e.g. both /tmp and /tmp/orbit.
> 
> I am not following this - can you give an example.
> 
> Say you have an application such as gconf, which stores its data 
> in /tmp/gconfd-$USER (so it needs to be able to create that). 
> GConf is linked to libORBit2, hence it needs to be able to
> create /tmp/orbit-$USER.
> 
> Running gconfd in an individual domain is possible (and that's exactly
> what I've done). Running orbit in its domain does not work (at least not
> without a dynamic transition), because it's library code.
> 
> Are you saying that either gconfd or orbit need to move their files
> outside their designated directory and into /tmp?
 
 into /tmp/gconfd/something-$USER.

 yep.

 maybe the way forward is to create a [tiny] library with two
 functions in it: one that creates /tmp/socket and another
 that opens it, convert all programs to use that library, then
 convert the library to create /tmp/dir/socket.
 
 l.


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.