On the directory "/dev/shm", a temporary file system(tmpfs) is mounted. Usually this file system is used in order to create temporary files for processes, interprocess communications, and so on. You can define access controls for this file system. The screenshot is shown below.
By checking this check-box, you can allow the current domain to create exclusive files on tmpfs. The files that this domain creates are labeled with a security label characteristic of this domain, and so are not allowed to access by the other processes.
You can allow the current domain to read-access to the files created by the other domains on tmpfs.The domain names that are allowed to create files on tmpfs are listed in the "select" combo-box. By selecting a domain name in this combo-box, you can add the domain name to the input-field on the left. If you want to allow the domain to read the all files on tmpfs, you should just check the "all" check-box. If you want to allow the domain to read the non-labeled files (the files given the default label of tmpfs), you have to check the "before labeled" check-box.
You can allow the write-access, same as read-access.
By clicking this button, the inter-configuration files are updated with the changes.