selinux-policy-strict-1.15.5-2 breaks mozilla....
Stephen Smalley
sds at epoch.ncsc.mil
Thu Jul 15 20:38:07 UTC 2004
On Thu, 2004-07-15 at 16:28, Tom London wrote:
> selinux-policy-strict-1.15.5-2 mislabels /usr/lib/mozilla-1.7/mozilla-*
> as lib_t, instead of as mozilla_exec_t.
>
> mozilla.fc now has:
> /usr/lib(64)?/mozilla/mozilla-.* -- system_u:object_r:mozilla_exec_t
>
> but the files are in /usr/lib/mozilla-1.7/
>
> Should the line in mozilla.fc be something like:
> /usr/lib(64)?/mozilla(-[0-9].*)?/mozilla-* -- system_u:object_r:mozilla_exec_t
>
I suggested the patch below earlier today. Dan says we also need to
generalize the firefox entries.
Index: policy/file_contexts/program/mozilla.fc
===================================================================
RCS file: /nfshome/pal/CVS/selinux-usr/policy/file_contexts/program/mozilla.fc,v
retrieving revision 1.8
diff -u -r1.8 mozilla.fc
--- policy/file_contexts/program/mozilla.fc 12 Jul 2004 16:13:11 -0000 1.8
+++ policy/file_contexts/program/mozilla.fc 15 Jul 2004 13:44:59 -0000
@@ -14,7 +14,5 @@
/usr/bin/mozilla-bin-[0-9].* -- system_u:object_r:mozilla_exec_t
/usr/lib(64)?/netscape/.+/communicator/communicator-smotif.real -- system_u:object_r:mozilla_exec_t
/usr/lib(64)?/netscape/base-4/wrapper -- system_u:object_r:mozilla_exec_t
-/usr/lib(64)?/mozilla/reg.+ -- system_u:object_r:mozilla_exec_t
-/usr/lib(64)?/mozilla/mozilla-.* -- system_u:object_r:mozilla_exec_t
-/usr/lib(64)?/mozilla-snapshot/reg.+ -- system_u:object_r:mozilla_exec_t
-/usr/lib(64)?/mozilla-snapshot/mozilla-.* -- system_u:object_r:mozilla_exec_t
+/usr/lib(64)?/mozilla[^/]*/reg.+ -- system_u:object_r:mozilla_exec_t
+/usr/lib(64)?/mozilla[^/]*/mozilla-.* -- system_u:object_r:mozilla_exec_t
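Review bot: The directory component `mozilla[^/]*` in both added lines is broader than the two directories it replaces. It matches any directory under /usr/lib(64)? whose name merely starts with "mozilla", so a regular file named reg... or mozilla-... in any such directory is labelled mozilla_exec_t, not only the versioned and snapshot installs. Because `.` also matches `/`, `reg.+` and `mozilla-.*` reach into subdirectories as well, as they did in the removed lines. If the intent is only mozilla, mozilla-1.7 and mozilla-snapshot style names, anchoring the suffix on the hyphen, for example `mozilla(-[^/]+)?`, keeps the fix for /usr/lib/mozilla-1.7/ while excluding unrelated directories that share the prefix. A comment line above the two entries saying which directory names they are meant to cover would help when the firefox entries are generalized the same way.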
--
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency