On Thu, 2004-07-15 at 16:28, Tom London wrote: > selinux-policy-strict-1.15.5-2 mislabels /usr/lib/mozilla-1.7/mozilla-* > as lib_t, > instead of as mozilla_exec_t. > > mozilla.fc now has: > /usr/lib(64)?/mozilla/mozilla-.* -- system_u:object_r:mozilla_exec_t > > but the files are in /usr/lib/mozilla-1.7/ > > Should the line in mozilla.fc be something like: > /usr/lib(64)?/mozilla(-[0-9].*)?/mozilla-* -- > system_u:object_r:mozilla_exec_t > I suggested the patch below earlier today. Dan says we also need to generalize the firefox entries. Index: policy/file_contexts/program/mozilla.fc =================================================================== RCS file: /nfshome/pal/CVS/selinux-usr/policy/file_contexts/program/mozilla.fc,v retrieving revision 1.8 diff -u -r1.8 mozilla.fc --- policy/file_contexts/program/mozilla.fc 12 Jul 2004 16:13:11 -0000 1.8 +++ policy/file_contexts/program/mozilla.fc 15 Jul 2004 13:44:59 -0000 @@ -14,7 +14,5 @@ /usr/bin/mozilla-bin-[0-9].* -- system_u:object_r:mozilla_exec_t /usr/lib(64)?/netscape/.+/communicator/communicator-smotif.real -- system_u:object_r:mozilla_exec_t /usr/lib(64)?/netscape/base-4/wrapper -- system_u:object_r:mozilla_exec_t -/usr/lib(64)?/mozilla/reg.+ -- system_u:object_r:mozilla_exec_t -/usr/lib(64)?/mozilla/mozilla-.* -- system_u:object_r:mozilla_exec_t -/usr/lib(64)?/mozilla-snapshot/reg.+ -- system_u:object_r:mozilla_exec_t -/usr/lib(64)?/mozilla-snapshot/mozilla-.* -- system_u:object_r:mozilla_exec_t +/usr/lib(64)?/mozilla[^/]*/reg.+ -- system_u:object_r:mozilla_exec_t +/usr/lib(64)?/mozilla[^/]*/mozilla-.* -- system_u:object_r:mozilla_exec_t -- Stephen Smalley <sds@xxxxxxxxxxxxxx> National Security Agency
