On Thursday, 10 January 2019 11:06:23 AM AEDT Chris PeBenito wrote:
> > allow $2 mozilla_t:fd use;
> > allow $2 mozilla_t:shm rw_shm_perms;
> > + allow chrome_sandbox_t $2:fd use;
> > + allow chrome_sandbox_t $2:fifo_file write;
> > + allow chrome_sandbox_t $3:chr_file { read write };
>
> Beyond that, this simply won't fly because all the seemingly conflicting
> types. A user might think, "what does mozilla have to do with chrome? I
> don't even have mozilla installed!" For this to work, we'd have to go
> down a generic browser policy, with correspondingly generic type names.
> I'm not opposed to this, but that'd be the first step.
Fair point. Would you like me to submit a patch s/mozilla/webbrowser/g as the
first step towards this?
--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/
