
10.1 Why is allowtmp necessary?

allowtmp is provided to configure access control for temporary files. Before going into detail, let's see why such a configuration element is necessary. SELinux identifies files by inode, not by file name. File-name-based configuration does not work correctly when the inode number changes, or when the inode does not exist at the time of configuration (typically such files are temporary files). Such files exist under /var/run, /tmp and /var/tmp. For example, assume the following configuration exists.
{
domain httpd_t;
allow /var/run r,s;
allow /var/run/httpd.pid r,w,s;
}
At first, httpd_t has r,w,s permission to /var/run/httpd.pid. However, when httpd is restarted, /var/run/httpd.pid is removed and created again, and in this process the inode number changes. When the inode number changes, the file inherits its parent directory's permission, i.e. httpd_t has r,s permission to /var/run/httpd.pid (the permission of /var/run). So to grant r,w,s permission to /var/run/httpd.pid, r,w,s permission has to be given to the parent directory (/var/run). However, with that configuration, httpd_t can r,w,s other daemons' pid files under /var/run.
The second example is a program that creates randomly named files under /tmp. Assume program A (domain a_t) and program B (domain b_t) both create files with random names under /tmp. In that case, the following configuration will be written.
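The restart scenario above, as an added example (not part of the original manual or of the SELinux Policy Editor code): a simplified Python model, not SELinux itself, in which permissions attach to inode numbers and a new inode inherits its parent directory's permissions. The `Model` class, the `restart_scenario` function and the path `/var/run/sshd.pid` are constructed for illustration.

```python
"""Simplified model (an assumption, not SELinux itself) of inode-keyed access control."""
import itertools


class Model:
    def __init__(self):
        self._next_ino = itertools.count(1)
        self.inode_of = {}  # path -> inode number (the directory entries)
        self.perms = {}     # inode number -> {domain: set of permissions}

    def create(self, path):
        """Create a file: the new inode inherits its parent directory's permissions."""
        ino = next(self._next_ino)
        parent = self.inode_of.get(path.rsplit("/", 1)[0])
        inherited = self.perms.get(parent, {})
        self.perms[ino] = {dom: set(p) for dom, p in inherited.items()}
        self.inode_of[path] = ino

    def remove(self, path):
        self.perms.pop(self.inode_of.pop(path), None)

    def allow(self, domain, path, perms):
        """Apply a file-name rule; the name is resolved to an inode once, right now."""
        ino = self.inode_of.get(path)
        if ino is None:
            return False  # no inode yet (e.g. a random /tmp name): nothing to attach to
        self.perms[ino][domain] = set(perms.split(","))
        return True

    def allowed(self, domain, path):
        return self.perms[self.inode_of[path]].get(domain, set())


def restart_scenario(dir_perms):
    """Return httpd_t's permissions: pid file before restart, after restart, other pid file."""
    m = Model()
    m.create("/var/run")
    m.allow("httpd_t", "/var/run", dir_perms)
    m.create("/var/run/httpd.pid")
    m.create("/var/run/sshd.pid")   # constructed stand-in for another daemon's pid file
    m.allow("httpd_t", "/var/run/httpd.pid", "r,w,s")
    before = m.allowed("httpd_t", "/var/run/httpd.pid")
    m.remove("/var/run/httpd.pid")  # httpd restart: the pid file is removed...
    m.create("/var/run/httpd.pid")  # ...and created again with a new inode
    return (before, m.allowed("httpd_t", "/var/run/httpd.pid"),
            m.allowed("httpd_t", "/var/run/sshd.pid"))
```

Calling `restart_scenario("r,s")` shows the w permission disappearing after the restart, while `restart_scenario("r,w,s")` keeps it at the cost of write access to the other daemon's pid file.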
{
domain a_t;
allow /tmp/** r,w;
}
{
domain b_t;
allow /tmp/** r,w;
}
This means program A can access program B's temporary files, and program B can access program A's temporary files.
In the examples above, access control cannot be configured for individual files, only for the directory such files belong to. If you think that is enough, what follows will not be necessary :-).


Yuichi Nakamura 2006-11-13