Daniel J Walsh wrote:
Jimmy wrote:
Hi!
Im trying to learn SELinux from bottom up, but having some
fundamental issues regarding the basics.
Im trying to load the mozilla.pp module in targeted, which works
fine. I set the correct contexts with restorecon on firefox-bin. But
when i run the binary it stills runs in unconfined_t when looking at
running processes (ps auxZ).
Ivé tried to compile it myself from different sources, and load it,
but get the same results all the time. Then i tried with netutils.pp
and discovered the same problem witrh ping.
Why doesnt firefox get transfered to the $1_mozilla_t domain??? I
know im making some really fundamental mistake somewhere, but i cant
find out what it is!
With best regards / Tomten
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
You need to write a transition rule from unconfined_t to mozilla_t
Something like
mozilla_per_role_template(user, unconfined_t, system_r)
But there is a bug in policy right now
gen_require(`
type mozilla_exec_t;
type mozilla_conf_t;
')
Needs to be added to the mozilla_per_role_template interface definition.
Looking further into this, I realize there is a lot of work to be done
to make this happen. I think it is better to work on a simpler domain.
I plan on adding a confinement of mozilla in FC7. But right now an
concentrating on RHEL 5/FC6
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
