How to change the default context for files in the home directory

goeran at uddeborg.se
Mon Apr 30 20:49:16 UTC 2012


Daniel J Walsh:
> In this case we have to allow mozilla-plugin to create any file in
> the homedir if it does not exist and label it mozilla_home_t.

Ouch!  I had hoped something like the regular expressions of "semanage
fcontext" could have done it simpler.

Hm.  I wonder if there might be a better way.  In the case of BankID
the plugin starts a separate binary that does some of the work.  I
believe, in particular, it's that binary that creates the problematic
file.

Maybe I could write a policy module that puts this binary in a
specific domain when started from mozilla_plugin_t.  I would have to
let that domain create files in the home directory, but I wouldn't
have to let ALL plugins do it.  It would be a bit better.

I'll give it a try.  It will be a much more advanced module than I've
done before.
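
The approach sketched in the message above (a domain transition for the helper binary only, plus a type transition for the files it creates) could look like the following module. This is an added example, not code from the thread or from the Fedora policy. The `bankid_helper_*` names, the `unconfined_r` role and the helper path are assumptions; `mozilla_plugin_t` and `mozilla_home_t` are the types named in the thread.

```selinux
policy_module(bankid_helper, 1.0.0)

# Types that already exist in the loaded policy. mozilla_plugin_t and
# mozilla_home_t are the names used in the thread; unconfined_r is an
# assumption about which role the desktop user runs the browser in.
gen_require(`
	type mozilla_plugin_t;
	type mozilla_home_t;
	role unconfined_r;
')

# Hypothetical names: a dedicated domain for the helper binary and the
# entrypoint type that its executable file is labelled with.
type bankid_helper_t;
type bankid_helper_exec_t;
application_domain(bankid_helper_t, bankid_helper_exec_t)
role unconfined_r types bankid_helper_t;

# Domain transition: when mozilla_plugin_t executes a file labelled
# bankid_helper_exec_t, the new process runs as bankid_helper_t.
domtrans_pattern(mozilla_plugin_t, bankid_helper_exec_t, bankid_helper_t)

# Type transition on create: files and directories the helper creates
# directly in the user home directory get mozilla_home_t.
userdom_user_home_dir_filetrans(bankid_helper_t, mozilla_home_t, { dir file })

# Let the helper manage what it created.
manage_dirs_pattern(bankid_helper_t, mozilla_home_t, mozilla_home_t)
manage_files_pattern(bankid_helper_t, mozilla_home_t, mozilla_home_t)

# Companion bankid_helper.fc entry (path is a placeholder):
# /PLACEHOLDER/path/to/helper -- gen_context(system_u:object_r:bankid_helper_exec_t,s0)
```

Only the helper domain gets the create-in-home permission here, so other code running as `mozilla_plugin_t` gains nothing beyond the right to execute the helper. Any further access the helper needs will show up as AVC denials in the audit log once it runs in its own domain.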