On Wed, 14.07.10 14:24, Daniel J Walsh (dwa...@redhat.com) wrote:

> >> myapp_t creating a directory in var_run_t will be labeled
> >> myapp_var_run_t.  I would just need to go through all the policy that
> >> uses var_run_t directories and make sure it has this rule.
> > 
> > Hmm, if you would be willing to do that, then it would be great to find
> > somebody who fixed the .specs and makes a list of packages whose selinux
> > policy needs fixing. Anyone? Rahul you should vague interest on IRC?
> > 
> > Lennart
> > 
> What is the big benefit of changing to tmpfs for /var/run?

Well, various little things:

The reboot cleanup of those dirs will become unnecessary and automatic.

Socket accesses won't put pressure on the HDD due to atime updates.

Security reg. left-over files

Stateless bootup

Multi-instance root fs with r/o mounts.

And stuff like this. And of course this is just cleaner this way, since
the files in /var/run and /var/lock are runtime objects that are used
for synchronization and establishment of communication channels
only. They happen to live in the file system namespace because that is
how Unix works, but there is really no point at all to ever write them
to disk.

Lennart

-- 
Lennart Poettering - Red Hat, Inc.
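As an added illustration of the labeling rule Daniel Walsh describes above (this is not code from the thread or from the Fedora policy): a minimal refpolicy-style module for a hypothetical daemon `myapp`, whose domain `myapp_t` creates its runtime directory under /var/run. The `files_pid_filetrans` interface supplies the type_transition that labels that directory `myapp_var_run_t` instead of leaving it as `var_run_t`; with /var/run on tmpfs the directory no longer exists at boot with a packaged file context, so this transition is what keeps the label correct. All type and module names are assumptions.

```selinux
policy_module(myapp, 1.0.0)

########################################
# Declarations (hypothetical daemon; all names are assumptions)

type myapp_t;
type myapp_exec_t;
init_daemon_domain(myapp_t, myapp_exec_t)

# Private type for everything myapp keeps under /var/run
type myapp_var_run_t;
files_pid_file(myapp_var_run_t)

########################################
# Local policy

# Let the daemon create and manage its own runtime dir, pid file and sockets.
manage_dirs_pattern(myapp_t, myapp_var_run_t, myapp_var_run_t)
manage_files_pattern(myapp_t, myapp_var_run_t, myapp_var_run_t)
manage_sock_files_pattern(myapp_t, myapp_var_run_t, myapp_var_run_t)

# The rule the thread is about: when myapp_t creates a dir, file or socket
# inside a var_run_t directory (/var/run), the new object is labeled
# myapp_var_run_t instead of inheriting var_run_t from its parent.
# On a tmpfs /var/run nothing pre-creates /var/run/myapp with the packaged
# file context, so without this transition the directory would stay var_run_t
# and the manage_* rules above would not apply to it.
files_pid_filetrans(myapp_t, myapp_var_run_t, { dir file sock_file })

# Checks after the module is built and loaded (run as root):
#   sesearch -T -s myapp_t -t var_run_t -c dir     # transition rule present?
#   ls -dZ /var/run/myapp                          # expect ...:myapp_var_run_t
```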
-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel