05-15-2008, 07:41 AM
Tomas Mraz

polyinstantiation of the /tmp dir

On Wed, 2008-05-14 at 16:11 -0700, Clarkson, Mike R (US SSA) wrote:
> I'm having a problem setting up polyinstantiation for the /tmp dir. I'm
> using RHEL5.1 and I've set it up to create instance directories under
> the /tmp-inst directory based on level when using newrole. It works, but
> the instance directory has ownership/permissions (dac permissions) set
> so that the user can not write to the polyinstantiated directory
>
> #ls -l /tmp-inst/
> total 24
> drwxr-xr-x 2 root root 4096 May 14 20:17 system_u:object_r:tmp_t:s0-s4:c0.c255_clarkson
> drwxr-xr-x 2 root root 4096 May 14 18:40 system_u:object_r:tmp_t:s4:c0.c255_clarkson
>
> Either the directories need to be created with the user as the owner
> (clarkson in this case), or the permissions need to be 777.
>
> I've set this up before on other boxes and had it work. Not sure what
> the difference is now. Any ideas?

Remove the instances and add the debug option to pam_namespace.so. Do
you see anything suspicious in /var/log/secure? Also, what does ls -ld /tmp
say? The permissions should be copied from the polydir.

--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
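
The comparison suggested in the reply above (instance directories should carry the polydir's permissions), as an added example that is not part of the original message or of pam_namespace: a shell function that checks the DAC mode and owner of every instance directory against the polydir. The function name and output format are illustrative; it assumes GNU `stat`, and the paths are arguments (`/tmp` and `/tmp-inst` in the thread).

```shell
#!/bin/sh
# Added example: compare each polyinstantiated instance directory's
# DAC mode and owner with the polydir it was created for.
#
# Usage: check_instances POLYDIR INSTANCE_PARENT
#   e.g. check_instances /tmp /tmp-inst
# Prints one line per instance directory.
# Returns 0 if every instance matches, 1 on any mismatch, 2 if stat fails.
check_instances() {
    polydir=$1
    parent=$2

    # Octal mode (including the sticky bit) plus owner:group of the polydir.
    want=$(stat -c '%a %U:%G' "$polydir") || return 2

    rc=0
    for inst in "$parent"/*; do
        # Skip non-directories and the unexpanded glob of an empty parent.
        [ -d "$inst" ] || continue
        have=$(stat -c '%a %U:%G' "$inst") || return 2
        if [ "$have" = "$want" ]; then
            echo "OK       $inst ($have)"
        else
            # e.g. an instance at 755 root:root under a 1777 polydir is
            # not writable by the user who lands in it.
            echo "MISMATCH $inst (have $have, polydir has $want)"
            rc=1
        fi
    done
    return $rc
}

# Run only when both paths are given on the command line.
if [ "$#" -eq 2 ]; then
    check_instances "$1" "$2"
fi
```
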
 
