Questo contenuto non è disponibile nella lingua selezionata.

5.11.4. Setting Up Polyinstantiated Directories

The /tmp/ and /var/tmp/ directories are normally used for temporary storage by all programs, services, and users. Such setup, however, makes these directories vulnerable to race condition attacks, or an information leak based on file names. SELinux offers a solution in the form of polyinstantiated directories. This effectively means that both /tmp/ and /var/tmp/ are instantiated, making them appear private for each user. When instantiation of directories is enabled, each user's /tmp/ and /var/tmp/ directory is automatically mounted under /tmp-inst and /var/tmp/tmp-inst.

Follow these steps to enable polyinstantiation of directories:

Uncomment the last three lines in the /etc/security/namespace.conf file to enable instantiation of the /tmp/, /var/tmp/, and users' home directories:

~]$ tail -n 3 /etc/security/namespace.conf
/tmp     /tmp-inst/            level      root,adm
/var/tmp /var/tmp/tmp-inst/    level      root,adm
$HOME    $HOME/$USER.inst/     level

Ensure that in the /etc/pam.d/login file, the pam_namespace.so module is configured for session:
```
~]$ grep namespace /etc/pam.d/login
session    required     pam_namespace.so
```
Reboot your system.

Questo contenuto non è disponibile nella lingua selezionata.

5.11.4. Setting Up Polyinstantiated Directories

Formazione

Prova, acquista e vendi

Community

Informazioni sulla documentazione di Red Hat

Rendiamo l’open source più inclusivo

Informazioni su Red Hat

Red Hat legal and privacy links

Red Hat legal and privacy links