This patch replaces local policy by interface calls
Index: /home/domg472/Workspace/refpolicy_trunk/policy/modules/apps/mozilla.if
===================================================================
--- /home/domg472/Workspace/refpolicy_trunk/policy/modules/apps/mozilla.if (revision 2762)
+++ /home/domg472/Workspace/refpolicy_trunk/policy/modules/apps/mozilla.if (working copy)
@@ -78,10 +78,9 @@
userdom_search_user_home_dirs($1,$1_mozilla_t)
# Mozpluggerrc
- allow $1_mozilla_t mozilla_conf_t:file read_file_perms;
+ read_files_pattern($1_mozilla_t, mozilla_conf_t, mozilla_conf_t)
allow $1_mozilla_t $2:fd use;
- allow $1_mozilla_t $2:process sigchld;
allow $1_mozilla_t $2:unix_stream_socket connectto;
allow $2 $1_mozilla_t:fd use;
allow $2 $1_mozilla_t:shm { associate getattr };
@@ -190,6 +189,8 @@
userdom_manage_user_tmp_dirs($1,$1_mozilla_t)
userdom_manage_user_tmp_files($1,$1_mozilla_t)
userdom_manage_user_tmp_sockets($1,$1_mozilla_t)
+
+ userdom_sigchld_all_users($1_mozilla_t)
xserver_user_x_domain_template($1,$1_mozilla,$1_mozilla_t,
$1_mozilla_tmpfs_t)
xserver_dontaudit_read_xdm_tmp_files($1_mozilla_t)
--
Dominick Grift <domg472@xxxxxxxxx>
Attachment:
signature.asc
Description: This is a digitally signed message part
