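What are polyinstantiated directories?
Polyinstantiated directories? I came across this concept in some system security documentation. Could some expert here explain it?

Reply to 1# kiongf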
The two web pages below explain the reason very clearly.
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security-Enhanced_Linux/polyinstantiated-directories.html
http://www.ibm.com/developerworks/library/l-polyinstantiation/
The /tmp/ and /var/tmp/ directories are normally used for temporary storage by all programs, services, and users. Such setup, however, makes these directories vulnerable to race condition attacks, or an information leak based on file names. SELinux offers a solution in the form of polyinstantiated directories. This effectively means that both /tmp/ and /var/tmp/ are instantiated, making them appear private for each user. When instantiation of directories is enabled, each user's /tmp/ and /var/tmp/ directory is automatically mounted under /tmp-inst and /var/tmp/tmp-inst.
The principle behind the implementation is:
http://www.ibm.com/developerworks/linux/library/l-mount-namespaces/index.html
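
An added example, not part of the original posts or the linked articles: a shell check that reads mount records in `/proc/self/mountinfo` format and reports whether `/tmp` and `/var/tmp` are private instances in the current session. It assumes each instance appears as a bind mount whose source lies under the `tmp-inst` directories named in the quoted text; the function names, the user `alice` and the sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads mountinfo-format lines on stdin and reports whether
# /tmp and /var/tmp are private instances in the calling session.
# Assumption: an instance shows up as a bind mount whose root (field 4)
# lies under a "tmp-inst/" directory; field 5 is the mount point.
polyinst_check() {
    awk '
    BEGIN { want["/tmp"] = 1; want["/var/tmp"] = 1 }
    ($5 in want) { root[$5] = $4 }    # later lines are mounted on top
    END {
        n = split("/tmp /var/tmp", order, " ")
        for (i = 1; i <= n; i++) {
            d = order[i]
            if ((d in root) && root[d] ~ /tmp-inst\//) {
                print d, "private", root[d]
            } else {
                print d, "shared"
            }
        }
    }'
}

# Constructed sample: session of a hypothetical user "alice" with instances.
sample_private() {
    cat <<'EOF'
22 1 8:2 / / rw,relatime shared:1 - ext4 /dev/sda2 rw
95 22 8:2 /tmp-inst/alice /tmp rw,relatime - ext4 /dev/sda2 rw
96 22 8:2 /var/tmp/tmp-inst/alice /var/tmp rw,relatime - ext4 /dev/sda2 rw
EOF
}

# Constructed sample: no instantiation; /tmp is one tmpfs seen by every user.
sample_shared() {
    cat <<'EOF'
22 1 8:2 / / rw,relatime shared:1 - ext4 /dev/sda2 rw
40 22 0:35 / /tmp rw,nosuid,nodev shared:5 - tmpfs tmpfs rw
EOF
}

sample_private | polyinst_check
sample_shared | polyinst_check
```

On a live system the same function can be run as `polyinst_check < /proc/self/mountinfo` from inside the login session being checked.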