To resolve this problem, SELinux has a feature called file type
transition. allowtmp is the statement used to configure file type
transitions.
In a file type transition, when a domain creates a file under a given directory,
the created file is given a label. The name of that label can be specified in the policy.
The following is an example usage of allowtmp.
domain httpd_t;
allow /var/run r,s;
allowtmp -dir /var/run -name httpd_var_run_t; -(a)
allow httpd_var_run_t r,w,s; -(b)
In (a), when httpd_t creates a file under /var/run, the file is labeled httpd_var_run_t. In (b), httpd_t is allowed r,w,s access to the
created file, which is identified by its label name (httpd_var_run_t).
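The following added example (not part of the original manual and not SELinux Policy Editor's own converter) translates the allowtmp statement above into the native SELinux type_transition rule that expresses the same file type transition. The function name, the "file" object class and the var_run_t type used for /var/run are assumptions made for illustration.

```python
import re

# Matches the one allowtmp form shown on this page:
#   allowtmp -dir <directory> -name <label>;
# No end anchor, so trailing annotations such as "-(a)" are tolerated.
ALLOWTMP = re.compile(r"^allowtmp\s+-dir\s+(\S+)\s+-name\s+(\w+)\s*;")
DOMAIN = re.compile(r"^domain\s+(\w+)\s*;")

def to_type_transitions(spdl, dir_types, obj_class="file"):
    """Translate allowtmp statements into type_transition rules.

    dir_types maps a directory path to the type that labels it; this
    mapping is an assumption supplied by the caller.
    """
    rules, domain = [], None
    for lineno, raw in enumerate(spdl.splitlines(), 1):
        line = raw.strip()
        m = DOMAIN.match(line)
        if m:
            domain = m.group(1)
            continue
        m = ALLOWTMP.match(line)
        if not m:
            continue  # other statements (allow ...) are not transitions
        if domain is None:
            raise ValueError(f"line {lineno}: allowtmp before any domain")
        directory, label = m.groups()
        if directory not in dir_types:
            raise ValueError(f"line {lineno}: no known type for {directory}")
        rules.append(
            f"type_transition {domain} {dir_types[directory]}:{obj_class} {label};")
    return rules

# The example from this page, with its -(a)/-(b) annotations left in place.
SAMPLE = """\
domain httpd_t;
allow /var/run r,s;
allowtmp -dir /var/run -name httpd_var_run_t; -(a)
allow httpd_var_run_t r,w,s; -(b)
"""

# Constructed mapping: var_run_t as the label of /var/run is an assumption.
DIR_TYPES = {"/var/run": "var_run_t"}

if __name__ == "__main__":
    for rule in to_type_transitions(SAMPLE, DIR_TYPES):
        print(rule)
```

Without such a rule, a file created in /var/run would take the directory's own type, so any domain allowed to write files of that type could write httpd's files too.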
Yuichi Nakamura
2006-11-13