On 1/12/21 5:11 AM, Russell Coker wrote:
This patch is the one I described as "another chromium patch" on the 10th of
April last year, but with the issues addressed.
I believe it's ready for inclusion.
Signed-off-by: Russell Coker <russell@xxxxxxxxxxxx>
Chromium policy tweaks and DRI policy
[...]
--- refpolicy-2.20201210.orig/policy/modules/apps/chromium.if
+++ refpolicy-2.20201210/policy/modules/apps/chromium.if
@@ -38,7 +38,15 @@ interface(`chromium_role',`
allow $2 chromium_t:process signal_perms;
allow $2 chromium_renderer_t:process signal_perms;
+ allow $2 chromium_sandbox_t:process signal_perms;
allow $2 chromium_naclhelper_t:process signal_perms;
+ allow chromium_t $2:process { signull signal };
+ allow $2 chromium_t:file manage_file_perms;
I think I'm ok with the other parts, but is this a typo, manage on proc/pid entries?
--
Chris PeBenito
