On 1/10/19 12:17 AM, Russell Coker wrote:
On Thursday, 10 January 2019 11:06:23 AM AEDT Chris PeBenito wrote:
allow $2 mozilla_t:fd use;
allow $2 mozilla_t:shm rw_shm_perms;
+ allow chrome_sandbox_t $2:fd use;
+ allow chrome_sandbox_t $2:fifo_file write;
+ allow chrome_sandbox_t $3:chr_file { read write };
Beyond that, this simply won't fly because all the seemingly conflicting
types. A user might think, "what does mozilla have to do with chrome? I
don't even have mozilla installed!" For this to work, we'd have to go
down a generic browser policy, with correspondingly generic type names.
I'm not opposed to this, but that'd be the first step.
Fair point. Would you like me to submit a patch s/mozilla/webbrowser/g as the
first step towards this?
Sure. Don't forget the compat aliases for mozilla.
--
Chris PeBenito
