policy addition for mozilla

Colin Walters walters at redhat.com
Fri Jul 9 20:38:08 UTC 2004


On Fri, 2004-07-09 at 01:13 -0400, Richard Hally wrote:
> Attached (and below) is a diff of a one line addition for 
> mozilla_macros.te from the the  selinux-policy-strict-sources-1.14.1-5.
> 
> audit2allow generated the following from the avc denied messages I 
> received when trying to run Mozilla: allow staff_mozilla_t xdm_tmp_t:dir 
> { search };

Just running denials through audit2allow is generally the wrong thing.
Often the denials are symptomatic of deeper problems like mislabeled
files, or deep design issues (e.g. GConf), or simply bugs in the
software (like mdadm opening files in /proc read/write), or
configuration problems (running Postfix chrooted).

In this particular case, having Mozilla able to access the XDM
temporarily files is almost certainly the wrong solution.  In order to
diagnose it we need to know what file it was accessing (information
contained in the raw dmesg output, but not in audit2allow) and what you
were doing at the time.  

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.fedoraproject.org/pipermail/selinux/attachments/20040709/2c94bf66/attachment.bin 


More information about the selinux mailing list