[selinux-policy: 2169/3172] mozilla patch from dan.
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 22:12:43 UTC 2010
commit 06625d302c8020efc72c93889957804c8af9ad58
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Mon Jul 27 09:11:12 2009 -0400
mozilla patch from dan.
policy/modules/apps/mozilla.fc | 7 ++-----
policy/modules/apps/mozilla.if | 3 +--
policy/modules/apps/mozilla.te | 4 +++-
policy/modules/kernel/corenetwork.te.in | 3 ++-
4 files changed, 8 insertions(+), 9 deletions(-)
---
diff --git a/policy/modules/apps/mozilla.fc b/policy/modules/apps/mozilla.fc
index b6f0924..4df06a0 100644
--- a/policy/modules/apps/mozilla.fc
+++ b/policy/modules/apps/mozilla.fc
@@ -15,11 +15,6 @@ HOME_DIR/\.phoenix(/.*)? gen_context(system_u:object_r:mozilla_home_t,s0)
/usr/bin/mozilla-bin-[0-9].* -- gen_context(system_u:object_r:mozilla_exec_t,s0)
#
-# /etc
-#
-/etc/mozpluggerrc -- gen_context(system_u:object_r:mozilla_conf_t,s0)
-
-#
# /lib
#
/usr/lib(64)?/galeon/galeon -- gen_context(system_u:object_r:mozilla_exec_t,s0)
@@ -29,3 +24,5 @@ HOME_DIR/\.phoenix(/.*)? gen_context(system_u:object_r:mozilla_home_t,s0)
/usr/lib(64)?/mozilla[^/]*/mozilla-.* -- gen_context(system_u:object_r:mozilla_exec_t,s0)
/usr/lib(64)?/firefox[^/]*/mozilla-.* -- gen_context(system_u:object_r:mozilla_exec_t,s0)
/usr/lib(64)?/[^/]*firefox[^/]*/firefox-bin -- gen_context(system_u:object_r:mozilla_exec_t,s0)
+/usr/lib/[^/]*firefox[^/]*/firefox -- gen_context(system_u:object_r:mozilla_exec_t,s0)
+/usr/lib64/[^/]*firefox[^/]*/firefox -- gen_context(system_u:object_r:mozilla_exec_t,s0)
diff --git a/policy/modules/apps/mozilla.if b/policy/modules/apps/mozilla.if
index 3811a40..53c0e82 100644
--- a/policy/modules/apps/mozilla.if
+++ b/policy/modules/apps/mozilla.if
@@ -82,8 +82,7 @@ interface(`mozilla_write_user_home_files',`
type mozilla_home_t;
')
- allow $1 mozilla_home_t:dir list_dir_perms;
- allow $1 mozilla_home_t:file write;
+ write_files_pattern($1, mozilla_home_t, mozilla_home_t)
userdom_search_user_home_dirs($1)
')
diff --git a/policy/modules/apps/mozilla.te b/policy/modules/apps/mozilla.te
index db466cb..21a5bd2 100644
--- a/policy/modules/apps/mozilla.te
+++ b/policy/modules/apps/mozilla.te
@@ -1,5 +1,5 @@
-policy_module(mozilla, 2.0.2)
+policy_module(mozilla, 2.0.3)
########################################
#
@@ -105,6 +105,7 @@ corenet_sendrecv_generic_client_packets(mozilla_t)
# Should not need other ports
corenet_dontaudit_tcp_sendrecv_generic_port(mozilla_t)
corenet_dontaudit_tcp_bind_generic_port(mozilla_t)
+corenet_tcp_connect_speech_port(mozilla_t)
dev_read_urand(mozilla_t)
dev_read_rand(mozilla_t)
@@ -234,6 +235,7 @@ optional_policy(`
optional_policy(`
gnome_stream_connect_gconf(mozilla_t)
+ gnome_manage_config(mozilla_t)
')
optional_policy(`
diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in
index 7b70b70..67620d0 100644
--- a/policy/modules/kernel/corenetwork.te.in
+++ b/policy/modules/kernel/corenetwork.te.in
@@ -1,5 +1,5 @@
-policy_module(corenetwork, 1.11.12)
+policy_module(corenetwork, 1.11.13)
########################################
#
@@ -175,6 +175,7 @@ network_port(snmp, udp,161,s0, udp,162,s0, tcp,199,s0)
type socks_port_t, port_type; dnl network_port(socks) # no defined portcon
network_port(soundd, tcp,8000,s0, tcp,9433,s0, tcp, 16001, s0)
network_port(spamd, tcp,783,s0)
+network_port(speech, tcp,8036,s0)
network_port(squid, udp,3401,s0, tcp,3401,s0, udp,4827,s0, tcp,4827,s0) # snmp and htcp
network_port(ssh, tcp,22,s0)
type stunnel_port_t, port_type; dnl network_port(stunnel) # no defined portcon in current strict
More information about the scm-commits
mailing list