The firefox browser is an ideal attack vector . Could prevent a lot of mischief i think. On 7/21/06, Paul Howarth <paul@xxxxxxxxxxxx> wrote:
Valdis.Kletnieks@xxxxxx wrote: > On Fri, 21 Jul 2006 08:58:37 +0200, Peter Harmsen said: >> Is there any change a firefox policy will be included >> as default? > > serefpolicy-2.3.3/policy/modules/apps % grep firefox mozilla.* > mozilla.fc:/usr/lib(64)?/firefox[^/]*/mozilla-.* -- gen_context(system_u:object_r:mozilla_exec_t,s0) > mozilla.fc:/usr/lib(64)?/[^/]*firefox[^/]*/firefox-bin -- gen_context(system_u:object_r:mozilla_exec_t,s0) > > The already present mozilla pilicy seems to already cover it? It doesn't appear to be enabled in the targeted policy though: # semanage fcontext -l | grep mozilla /usr/lib(64)?/mozilla.*\.so regular file system_u:object_r:textrel_shlib_t:s0 /usr/lib(64)?/[^/]*/run-mozilla\.sh regular file system_u:object_r:bin_t:s0 /usr/lib(64)?/[^/]*/mozilla-xremote-client regular file system_u:object_r:bin_t:s0 /usr/lib(64)?/thunderbird.*/mozilla-xremote-client regular file system_u:object_r:bin_t:s0 No mention of mozilla_exec_t Paul.
-- I have made this letter longer than usual, because i lack the time to make it short. -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
