[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: file_type_auto_trans is not sufficient

To: Ivan Gyurdiev <ivg2@xxxxxxxxxxx>
Subject: Re: file_type_auto_trans is not sufficient
From: Luke Kenneth Casson Leighton <lkcl@xxxxxxxx>
Date: Tue, 31 May 2005 22:10:27 +0100
Cc: Stephen Smalley <sds@xxxxxxxxxxxxx>, Karl MacMillan <kmacmillan@xxxxxxxxxx>, SELinux@xxxxxxxxxxxxx, dwalsh@xxxxxxxxxx
In-reply-to: <1117561043.4455.1.camel@xxxxxxxxxxxxxxxxxxxxxxxxxx>
Mail-followup-to: Ivan Gyurdiev <ivg2@xxxxxxxxxxx>, Stephen Smalley <sds@xxxxxxxxxxxxx>, Karl MacMillan <kmacmillan@xxxxxxxxxx>, SELinux@xxxxxxxxxxxxx, dwalsh@xxxxxxxxxx
References: <200505311632.j4VGW95F032656@xxxxxxxxxxxxxxxxxxxxxxxxxx> <1117558114.4455.0.camel@xxxxxxxxxxxxxxxxxxxxxxxxxx> <1117559223.28924.202.camel@xxxxxxxxxxxxxxxxxxxxxxxxxxxx> <1117561043.4455.1.camel@xxxxxxxxxxxxxxxxxxxxxxxxxx>
Sender: owner-selinux@xxxxxxxxxxxxx
User-agent: Mutt/1.5.5.1+cvs20040105i

On Tue, May 31, 2005 at 01:37:23PM -0400, Ivan Gyurdiev wrote:
> 
> > Problem is that they both want to create directly in /tmp.  It would be
> > preferable if they had a dedicated subtree, e.g. /tmp/gconfd
> > and /tmp/orbit, with all per-user subdirectories underneath, so that the
> > top-level directory could be typed separately and set up a priori (at
> > boot if truly under /tmp, as they might otherwise have been deleted).
> 
> So you're saying that the directories should be created ahead of time by
> a startup script, and restorecon executed on them... something 
> like tmpskel? Maybe that can be used for libICE, which I want to
> label /tmp/.ICE-unix as ice_tmp_t.
 
 there is a whole slew of legacy applications that assume
 access to /tmp/.ICE-unix, /tmp/.X11-unix etc.

 it's a known problem for which the solution - creating tmp
 subdirectories - has been "scheduled" / "shelved".

 l.


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.

References:
- RE: file_type_auto_trans is not sufficient
  - From: Karl MacMillan
- RE: file_type_auto_trans is not sufficient
  - From: Ivan Gyurdiev
- RE: file_type_auto_trans is not sufficient
  - From: Stephen Smalley
- RE: file_type_auto_trans is not sufficient
  - From: Ivan Gyurdiev

Prev by Date: Re: gentoo/hardened
Next by Date: Re: smaller memory footprint for 'strict' policy - helping gentoo as well
Previous by thread: RE: file_type_auto_trans is not sufficient
Next by thread: Re: file_type_auto_trans is not sufficient
Index(es):
- Date
- Thread

This mailing list archive is a service of Copilot Consulting.