From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Thu, 6 Feb 2014 08:51:33 -0500
Subject: [refpolicy] I would like to suggest that we remove the tmpfs_t
 and type alias them to tmp_t.
In-Reply-To: <52F36FC1.4020001@redhat.com>
References: <52F36FC1.4020001@redhat.com>
Message-ID: <52F39365.4020505@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 02/06/14 06:19, Daniel J Walsh wrote:
> - From a security point of view, treating this differently has little value in
> my mind.  I believe policy writers just write both rules in place.  I guess
> you could argue that combining them together would allow a domain to write to
> /dev/shm /tmp and /var/tmp and currently you could only write to one.
> 
> What do people think about this?

I don't think I have any objections, though I'm eager to hear opinions.  However, I think we should probably still keep /dev/shm separate.

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com