On 04/30/2012 04:49 PM, goeran@xxxxxxxxxxx wrote:
> Daniel J Walsh:
>> In this case we have to allow mozilla-plugin to create any file in the
>> homedir if it does not exist and label it mozilla_home_t.
>
> Ouch! I had hoped something like the regular expressions of "semanage
> fcontext" could have done it simpler.
>
> Hm. I wonder if there might be a better way. In the case of BankID the
> plugin starts a separate binary that does some of the work. I believe, in
> particular, it's that binary that creates the problematic file.
>
> Maybe I could write a policy module that puts this binary in a specific
> domain when started from mozilla_plugin_t. I would have to let that domain
> create files in the home directory, but I wouldn't have to let ALL plugins
> do it. It would be a bit better.
>
> I'll give it a try. It will be a much more advanced module than I've done
> before.

Go for it.

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
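
The approach described in the quoted message (a dedicated domain for the helper binary, entered only from mozilla_plugin_t), as an added example that is not part of the original thread or of Fedora's policy. The module name, the types bankid_helper_t and bankid_helper_exec_t, the unconfined_r role and the helper's path are assumptions; the interfaces are the reference policy ones.

```selinux
# bankid_helper.te (hypothetical module name)
policy_module(bankid_helper, 1.0.0)

gen_require(`
	type mozilla_plugin_t;
	type mozilla_home_t;
	role unconfined_r;
')

# New domain and entry point type for the helper binary only.
# Both type names are hypothetical.
type bankid_helper_t;
type bankid_helper_exec_t;
application_domain(bankid_helper_t, bankid_helper_exec_t)

# Assumption: the browser runs under unconfined_r. A confined user
# needs the matching role (for example user_r) instead.
role unconfined_r types bankid_helper_t;

# Enter the new domain only when the plugin domain executes the
# labelled helper. Other plugins stay in mozilla_plugin_t.
domtrans_pattern(mozilla_plugin_t, bankid_helper_exec_t, bankid_helper_t)

# Anything the helper creates directly in the home directory is
# labelled mozilla_home_t. Only this domain gets the permission.
userdom_user_home_dir_filetrans(bankid_helper_t, mozilla_home_t, { dir file })
manage_dirs_pattern(bankid_helper_t, mozilla_home_t, mozilla_home_t)
manage_files_pattern(bankid_helper_t, mozilla_home_t, mozilla_home_t)

# Matching entry for bankid_helper.fc (the path is a placeholder, use
# the real location of the helper binary):
# /PATH/TO/HELPER  --  gen_context(system_u:object_r:bankid_helper_exec_t,s0)
```

Build with make -f /usr/share/selinux/devel/Makefile bankid_helper.pp, load with semodule -i bankid_helper.pp, and run restorecon on the helper so it picks up the entry point label. The helper will need further rules of its own (shared libraries, sockets and so on), which show up as AVC denials in the audit log once the transition works.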