How to change the default context for files in the home directory

Daniel J Walsh dwalsh at redhat.com
Mon Apr 30 15:19:42 UTC 2012



On 04/27/2012 05:23 PM, goeran at uddeborg.se wrote:
> Daniel J Walsh:
>> Can you get .personal-username into the .personal directory?
> 
> Not in any obvious way.  It's a closed source program (started from 
> firefox) which creates and removes it.
OK, we would have to write custom policy for this then.

We can write fairly tight policy for a fixed name being created within the
homedir. In this case we have to allow mozilla-plugin to create any file in
the homedir if it does not exist and label it mozilla_home_t, which means a
plugin could create .bashrc, for example, if it did not exist.

I am adding a boolean, mozilla_plugin_enable_homedirs, to control whether or not
mozilla/firefox plugins can create random content files/directories in the
user's homedir. (Disabled by default.)
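
The trade-off described in the message above, sketched as SELinux policy source. This is an added illustration, not the policy that was actually committed: the module name and the file name `.fixed-name-example` are hypothetical, and it assumes a reference-policy build in which `userdom_user_home_dir_filetrans` accepts an optional fourth (file name) argument and the existing mozilla policy already lets `mozilla_plugin_t` manage `mozilla_home_t` content.

```selinux
# Hypothetical module name, for illustration only.
policy_module(mozplugin_homedir_example, 1.0)

gen_require(`
	type mozilla_plugin_t;
	type mozilla_home_t;
')

# Tight variant: a named file transition. Only a file created with exactly
# this name directly in the home directory is labeled mozilla_home_t.
# This works when the program uses one fixed name. It cannot cover a name
# that embeds the user name, because the name must match literally.
userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_home_t, file, ".fixed-name-example")

# Broad variant: an unnamed transition. Any new file or directory the plugin
# creates in the home directory is labeled mozilla_home_t, whatever its name.
# That includes .bashrc when it does not exist yet, so the rule sits behind
# a boolean that is off by default.
# (In a policy that already defines this boolean, require it instead of
# declaring it again.)
gen_tunable(mozilla_plugin_enable_homedirs, false)

tunable_policy(`mozilla_plugin_enable_homedirs',`
	userdom_user_home_dir_filetrans(mozilla_plugin_t, mozilla_home_t, { dir file })
')
```

On a system that carries the boolean, `getsebool mozilla_plugin_enable_homedirs` shows its current state, and `setsebool -P mozilla_plugin_enable_homedirs on` enables the broad rule persistently.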

