How to change the default context for files in the home directory
goeran at uddeborg.se
Mon Apr 30 20:49:16 UTC 2012
Daniel J Walsh:
> In this case we have to allow mozilla-plugin to create any file in
> the homedir if it does not exist and label it mozilla_home_t.

Ouch! I had hoped something like the regular expressions of "semanage
fcontext" could have done it simpler.

Hm. I wonder if there might be a better way. In the case of BankID
the plugin starts a separate binary that does some of the work. I
believe, in particular, it's that binary that creates the problematic
file.

Maybe I could write a policy module that puts this binary in a
specific domain when started from mozilla_plugin_t. I would have to
let that domain create files in the home directory, but I wouldn't
have to let ALL plugins do it. It would be a bit better.

I'll give it a try. It will be a much more advanced module than I've
done before.
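
A sketch of the kind of module described above, as an added example that is not part of the original message or of any shipped policy: the helper binary gets its own domain, entered only from mozilla_plugin_t, and only that domain may create mozilla_home_t files in the home directory. The type names bankid_helper_t and bankid_helper_exec_t, the unconfined_r role and the placeholder path are assumptions; any other access the helper needs is not covered here.

```selinux
# bankid_helper.te: added illustration, not BankID's or Fedora's own policy.
# bankid_helper_t and bankid_helper_exec_t are hypothetical type names.
policy_module(bankid_helper, 1.0.0)

gen_require(`
	type mozilla_plugin_t;
	type mozilla_home_t;
	role unconfined_r;
')

# Domain for the helper process and entrypoint type for its executable.
type bankid_helper_t;
type bankid_helper_exec_t;
application_domain(bankid_helper_t, bankid_helper_exec_t)

# Assumption: the browser runs in unconfined_r. Other user roles
# (user_r, staff_r, ...) would each need their own "role ... types" line.
role unconfined_r types bankid_helper_t;

# Only this one executable, when started by a plugin, enters the helper
# domain. Every other plugin stays in mozilla_plugin_t.
domtrans_pattern(mozilla_plugin_t, bankid_helper_exec_t, bankid_helper_t)

# Files the helper creates directly in the home directory are labelled
# mozilla_home_t instead of inheriting the directory's type.
userdom_user_home_dir_filetrans(bankid_helper_t, mozilla_home_t, file)
allow bankid_helper_t mozilla_home_t:file { create open getattr setattr read write append unlink };

# bankid_helper.fc would label the binary (the path is a placeholder):
# /PATH/TO/HELPER	--	gen_context(system_u:object_r:bankid_helper_exec_t,s0)
```

The transition only happens once the helper binary carries the entrypoint type, so the file context has to be applied with restorecon after the module is loaded.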