mozilla mail not starting under strict policy

[Daniel J Walsh]

Richard Hally wrote:

> when running strict policy on a fully updated rawhide, mozilla mail 
> will not start when in enforcing mode of the strict policy.
> Doing a setenforce 0 allows it to start.
> (Note that the avc denied messages are only produce when in premissive 
> mode)
> Below are the AVC denied messages:
>
> May 17 12:46:45 new2 kernel: audit(1116348405.108:0): avc:  granted  { 
> setenforce } for  scontext=root:sysadm_r:sysadm_t 
> tcontext=system_u:object_r:security_t tclass=security
> May 17 12:46:45 new2 dbus: avc:  received setenforce notice (enforcing=0)
> May 17 12:46:45 new2 dbus: avc:  received setenforce notice (enforcing=0)
> May 17 12:46:56 new2 kernel: audit(1116348416.169:0): avc:  denied  { 
> name_connect } for  dest=110 scontext=richard:staff_r:staff_mozilla_t 
> tcontext=system_u:object_r:pop_port_t tclass=tcp_socket
> May 17 12:46:56 new2 kernel: audit(1116348416.902:0): avc:  denied  { 
> getattr }
> for  name=/ dev=dm-0 ino=2 scontext=richard:staff_r:staff_mozilla_t 
> tcontext=system_u:object_r:fs_t tclass=filesystem
> May 17 12:47:45 new2 kernel: audit(1116348465.718:0): avc:  granted  { 
> setenforce } for  scontext=root:sysadm_r:sysadm_t 
> tcontext=system_u:object_r:security_t tclass=security
> May 17 12:47:45 new2 dbus: avc:  received setenforce notice (enforcing=1)
> May 17 12:47:45 new2 dbus: avc:  received setenforce notice (enforcing=1)
>
Yes use thunderbird .  :^)

Problem is we are trying to lock down Firefox with Mozilla policy, and 
mozilla mail is going away.  Can you just add a name_connect
rule.

Dan

> HTH
> Richard Hally
>
> -- 
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> http://www.redhat.com/mailman/listinfo/fedora-selinux-list



--