Next: 10.2 What is allowtmp?
Up: 10 Access control to
Previous: 10 Access control to
Contents
allowtmp is the configuration element used to describe access control to
temporary files.
Before going into detail, let's see why such a configuration element is necessary.
SELinux identifies files by inode, not by file name. File-name-based
configuration therefore does not work correctly when the inode number changes,
or when the inode does not yet exist at the time the configuration is applied
(typically this is the case for temporary files).
Such files live under /var/run, /tmp and /var/tmp.
For example, assume the following configuration exists.
{
domain httpd_t;
allow /var/run r,s;
allow /var/run/httpd.pid r,w,s;
}
At first, httpd_t has r,w,s permission to /var/run/httpd.pid.
However, when httpd is restarted, /var/run/httpd.pid is removed and
created again, and in this process its inode number changes. The newly
created inode inherits the parent directory's permission, i.e.
httpd_t now has only r,s permission to /var/run/httpd.pid (the permission
given to /var/run). So to keep r,w,s permission to /var/run/httpd.pid,
r,w,s permission would have to be given to the parent directory (/var/run).
With that configuration, however, httpd_t can also r,w,s the pid files of
other daemons under /var/run.
The second example is a program that creates files with random names under
/tmp. Assume program A (domain a_t) and program B (domain b_t) both create
files with random names under /tmp. In such a case, the following
configuration would be written.
{
domain a_t;
allow /tmp/** r,w;
}
{
domain b_t;
allow /tmp/** r,w;
}
This means program A can access program B's temporary files, and
program B can access program A's temporary files.
In the examples above, access control cannot be described for the
individual files, only for the directory that such files belong to.
If you think that is enough, the following is not necessary :-).
Yuichi Nakamura
2006-11-13