Aleksandar Milivojevic wrote:
I'm still discovering SELinux stuff, and I ran into a small problem with the default targeted policy and the /tmp directory. So I thought about saving a bit of my time, and wasting a bit of everybody else's time ;-). Hm, OK, maybe I shouldn't be making jokes like that... Anyhow:
Basically, I have /tmp mounted on a small tmpfs file system (to keep it separate from the root partition, without the need for allocating dedicated disc space for it). Now, the root directory of anything mounted as tmpfs will be labeled as tmpfs_t by SELinux (for example, see the output of ls -Zd /dev/shm, which is by default mounted as tmpfs on Fedora and RHEL).
This was previously discussed on the fedora-selinux list. Look for a subject of "using tmpfs for /tmp and selinux".
If you add the context mount option to your fstab entry, it should work: context=system_u:object_r:tmp_t
Something like:
none /tmp tmpfs defaults,context=system_u:object_r:tmp_t 0 0
Many thanks for the pointer to that thread on the fedora-selinux list. It was extremely helpful. At the end, I implemented the same changes as present in updated packages from rawhide (as described in the thread). Seems to be working...
-- Aleksandar Milivojevic <amilivojevic@xxxxxx> Pollard Banknote Limited Systems Administrator 1499 Buffalo Place Tel: (204) 474-2323 ext 276 Winnipeg, MB R3T 1L7
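
Added example, not part of the original messages: a small Python check that reads fstab-format text and flags a tmpfs mount on /tmp that lacks the context= option suggested above. The function names and the sample fstab text are constructed for illustration, and it assumes only /tmp needs checking.

```python
# Added example: flag tmpfs mounts on /tmp that lack the tmp_t context option.

# Assumption: only /tmp is checked, and it should carry type tmp_t.
EXPECTED_TYPE = {"/tmp": "tmp_t"}

# Constructed fstab text, not taken from a real system.
FSTAB_TEMPLATE = (
    "# device mountpoint fstype options dump pass\n"
    "/dev/sda1 / ext3 defaults 1 1\n"
    "none /tmp tmpfs {opts} 0 0\n"
    "none /dev/shm tmpfs defaults 0 0\n"
)
UNLABELED = FSTAB_TEMPLATE.format(opts="defaults")
LABELED = FSTAB_TEMPLATE.format(opts="defaults,context=system_u:object_r:tmp_t")


def context_type(options):
    """Return the SELinux type named by a context= option, or None if absent."""
    for opt in options.split(","):
        key, _, value = opt.partition("=")
        if key == "context":
            fields = value.strip('"').split(":")  # user:role:type[:level]
            return fields[2] if len(fields) >= 3 else ""
    return None


def audit_fstab(text):
    """Return (mountpoint, problem) pairs for mislabeled tmpfs mounts."""
    findings = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue  # blank line or comment
        if len(fields) < 3:
            continue  # malformed entry, nothing to check
        mountpoint, fstype = fields[1], fields[2]
        options = fields[3] if len(fields) > 3 else "defaults"
        expected = EXPECTED_TYPE.get(mountpoint)
        if fstype != "tmpfs" or expected is None:
            continue
        found = context_type(options)
        if found is None:
            findings.append((mountpoint, "no context= option, root labeled tmpfs_t"))
        elif found != expected:
            findings.append((mountpoint, "context type %r, expected %r" % (found, expected)))
    return findings


if __name__ == "__main__":
    for name, text in (("unlabeled", UNLABELED), ("labeled", LABELED)):
        print(name, audit_fstab(text))
```
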