List: selinux
Subject: Re: New domain for nsplugin
From: Daniel J Walsh <dwalsh () redhat ! com>
Date: 2008-05-27 11:44:16
Message-ID: 483BF410.5030309 () redhat ! com
Christopher J. PeBenito wrote:
| On Mon, 2008-05-19 at 13:12 -0400, Daniel J Walsh wrote:
|> --- nsaserefpolicy/policy/modules/apps/nsplugin.fc 1969-12-31
19:00:00.000000000 -0500
|> +++ serefpolicy-3.4.1/policy/modules/apps/nsplugin.fc 2008-05-19
11:36:24.749177000 -0400
|> @@ -0,0 +1,9 @@
|> +
|> +/usr/lib(64)?/nspluginwrapper/npviewer.bin --
gen_context(system_u:object_r:nsplugin_exec_t,s0)
|> +/usr/lib(64)?/nspluginwrapper/plugin-config --
gen_context(system_u:object_r:nsplugin_config_exec_t,s0)
|> +/usr/lib(64)?/mozilla/plugins-wrapped(/.*)?
gen_context(system_u:object_r:nsplugin_rw_t,s0)
|> +
|> +HOME_DIR/\.adobe(/.*)?
gen_context(system_u:object_r:user_nsplugin_home_t,s0)
|> +HOME_DIR/\.macromedia(/.*)?
gen_context(system_u:object_r:user_nsplugin_home_t,s0)
|> +HOME_DIR/\.gstreamer-.*
gen_context(system_u:object_r:user_nsplugin_home_t,s0)
|> +HOME_DIR/\.local.*
gen_context(system_u:object_r:user_nsplugin_home_t,s0)
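Review bot: The last two HOME_DIR entries end in a bare ".*" rather than the "(/.*)?" form used for .adobe and .macromedia, so "HOME_DIR/\.local.*" matches sibling names such as ~/.localfoo as well as everything under ~/.local, and "HOME_DIR/\.gstreamer-.*" matches any name with that prefix. All of these paths receive user_nsplugin_home_t. Suggest anchoring them as "HOME_DIR/\.local(/.*)?" at minimum, or narrowing each to the subdirectory the plugin actually writes to, and adding a comment in the .fc file stating why each home path is needed. Separately, the plugins-wrapped(/.*)? entry carries no file-type field while the two entries above it use "--"; worth confirming that labeling both the directory and its contents as nsplugin_rw_t is intended.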
|
| I'm having trouble buying this one. It seems pretty broad, especially
| since acrobat isn't only a browser plugin, and I'm not sure what
| gstreamer is doing here.
|
These are basically directories that nsplugin needs to write in. So we
can define a new context for each, without a controlling domain. But we
need to set a new precedence for this.
gstreamer_home_t, adobe_home_t?