From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Thu, 6 Feb 2014 12:47:03 +0100
Subject: [refpolicy] I would like to suggest that we remove the tmpfs_t
 and type alias them to tmp_t.
In-Reply-To: <52F36FC1.4020001@redhat.com>
References: <52F36FC1.4020001@redhat.com>
Message-ID: <CAPzO=Nybb1Sse2jRhgtxeuXW4pVMWoac4hFyZkaGMAt-SMzkdA@mail.gmail.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

The shm you mention would be my only concern. I've thought about
introducing an shm_t or so instead but found little value.

Beyond that concern I'm OK with it.
On Feb 6, 2014 12:19 PM, "Daniel J Walsh" <dwalsh@redhat.com> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> - From a security point of view, treating this differently has little
> value in
> my mind.  I believe policy writers just write both rules in place.  I guess
> you could argue that combining them together would allow a domain to write
> to
> /dev/shm /tmp and /var/tmp and currently you could only write to one.
>
> What do people think about this?
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iEYEARECAAYFAlLzb8EACgkQrlYvE4MpobPhFwCg1IIHpepYnmNWIDXbmgKIk2sn
> O4kAn2yMkxBzZ46bZ89nSffZvFDzhP7a
> =aNMc
> -----END PGP SIGNATURE-----
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://oss.tresys.com/pipermail/refpolicy/attachments/20140206/26fbdabc/attachment.html