* Re: New domain for nsplugin
       [not found] <4831B4E7.6010000@comcast.net>
@ 2008-05-26 15:46 ` Christopher J. PeBenito
  2008-05-27 11:44   ` Daniel J Walsh
  0 siblings, 1 reply; 3+ messages in thread
From: Christopher J. PeBenito @ 2008-05-26 15:46 UTC
To: Daniel J Walsh; +Cc: SE Linux

On Mon, 2008-05-19 at 13:12 -0400, Daniel J Walsh wrote:
> --- nsaserefpolicy/policy/modules/apps/nsplugin.fc 1969-12-31 19:00:00.000000000 -0500 > +++ serefpolicy-3.4.1/policy/modules/apps/nsplugin.fc 2008-05-19 11:36:24.749177000 -0400 > @@ -0,0 +1,9 @@ > + > +/usr/lib(64)?/nspluginwrapper/npviewer.bin -- gen_context(system_u:object_r:nsplugin_exec_t,s0) > +/usr/lib(64)?/nspluginwrapper/plugin-config -- gen_context(system_u:object_r:nsplugin_config_exec_t,s0) > +/usr/lib(64)?/mozilla/plugins-wrapped(/.*)? gen_context(system_u:object_r:nsplugin_rw_t,s0) > + > +HOME_DIR/\.adobe(/.*)? gen_context(system_u:object_r:user_nsplugin_home_t,s0) > +HOME_DIR/\.macromedia(/.*)? gen_context(system_u:object_r:user_nsplugin_home_t,s0) > +HOME_DIR/\.gstreamer-.* gen_context(system_u:object_r:user_nsplugin_home_t,s0) > +HOME_DIR/\.local.* gen_context(system_u:object_r:user_nsplugin_home_t,s0)

I'm having trouble buying this one. It seems pretty broad, especially
since acrobat isn't only a browser plugin, and I'm not sure what
gstreamer is doing here.

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
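Review bot: The last two HOME_DIR entries, "HOME_DIR/\.gstreamer-.*" and "HOME_DIR/\.local.*", end in a bare ".*" instead of the "(/.*)?" form used on the .adobe and .macromedia lines, so "\.local.*" also matches any sibling whose name merely begins with ".local" and puts the entire ~/.local tree under user_nsplugin_home_t. Suggest writing them as "HOME_DIR/\.local(/.*)?" at the very least, and preferably naming only the subdirectories the plugin wrapper actually writes to, with a comment on each line saying which plugin needs it; the patch gives no indication of why .local or .gstreamer-* belong to this domain.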
* Re: New domain for nsplugin
  2008-05-26 15:46 ` New domain for nsplugin Christopher J. PeBenito
@ 2008-05-27 11:44   ` Daniel J Walsh
  0 siblings, 0 replies; 3+ messages in thread
From: Daniel J Walsh @ 2008-05-27 11:44 UTC
To: Christopher J. PeBenito; +Cc: SE Linux

Christopher J. PeBenito wrote:
| On Mon, 2008-05-19 at 13:12 -0400, Daniel J Walsh wrote:
|> --- nsaserefpolicy/policy/modules/apps/nsplugin.fc 1969-12-31 19:00:00.000000000 -0500 |> +++ serefpolicy-3.4.1/policy/modules/apps/nsplugin.fc 2008-05-19 11:36:24.749177000 -0400 |> 
@@ -0,0 +1,9 @@ |> + |> +/usr/lib(64)?/nspluginwrapper/npviewer.bin -- gen_context(system_u:object_r:nsplugin_exec_t,s0) |> +/usr/lib(64)?/nspluginwrapper/plugin-config -- gen_context(system_u:object_r:nsplugin_config_exec_t,s0) |> +/usr/lib(64)?/mozilla/plugins-wrapped(/.*)? gen_context(system_u:object_r:nsplugin_rw_t,s0) |> + |> +HOME_DIR/\.adobe(/.*)? gen_context(system_u:object_r:user_nsplugin_home_t,s0) |> +HOME_DIR/\.macromedia(/.*)? gen_context(system_u:object_r:user_nsplugin_home_t,s0) |> +HOME_DIR/\.gstreamer-.* gen_context(system_u:object_r:user_nsplugin_home_t,s0) |> +HOME_DIR/\.local.* gen_context(system_u:object_r:user_nsplugin_home_t,s0)
|
| I'm having trouble buying this one. It seems pretty broad, especially
| since acrobat isn't only a browser plugin, and I'm not sure what
| gstreamer is doing here.
|
These are basically directories that nsplugin needs to write in. So we can
define a new context for each, without a controlling domain. But we need to
set a new precedence for this. gstramer_home_t, adobe_home_t?
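The breadth concern raised in this thread, as an added example that is not part of either message or of the posted patch: a simplified matcher that runs the four quoted HOME_DIR patterns against constructed paths. It assumes HOME_DIR expands to `/home/[^/]+`; `ANCHORED_PATTERNS` is a hypothetical variant, and the script only reports which pattern matches, not how a real policy orders competing entries.

```python
import re

# Assumption: HOME_DIR expands to one directory level under /home.
HOME_DIR_RE = r"/home/[^/]+"

# The four HOME_DIR patterns quoted in the thread.
THREAD_PATTERNS = [
    r"HOME_DIR/\.adobe(/.*)?",
    r"HOME_DIR/\.macromedia(/.*)?",
    r"HOME_DIR/\.gstreamer-.*",
    r"HOME_DIR/\.local.*",
]

# Hypothetical variant (not from the thread): the bare ".*" tails rewritten
# in the "(/.*)?" form that the first two entries already use.
ANCHORED_PATTERNS = THREAD_PATTERNS[:2] + [
    r"HOME_DIR/\.gstreamer-[^/]*(/.*)?",
    r"HOME_DIR/\.local(/.*)?",
]

# Constructed sample paths, not taken from any real system.
SAMPLE_PATHS = [
    "/home/alice/.adobe/Flash_Player/AssetCache",
    "/home/alice/.adobefoo",
    "/home/alice/.gstreamer-0.10/registry.i386.bin",
    "/home/alice/.local/share/keyrings/login.keyring",
    "/home/alice/.local/share/Trash/files/report.odt",
    "/home/alice/.localsettings",
    "/home/alice/.mozilla/firefox/profiles.ini",
]

def matches(path, patterns):
    """Return the patterns matching the whole path (file-context regexes
    are anchored at both ends, hence fullmatch)."""
    return [src for src in patterns
            if re.fullmatch(src.replace("HOME_DIR", HOME_DIR_RE), path)]

def audit(patterns, paths=SAMPLE_PATHS):
    """Map each path to the first matching pattern, or None if no entry applies."""
    result = {}
    for path in paths:
        hits = matches(path, patterns)
        result[path] = hits[0] if hits else None
    return result

if __name__ == "__main__":
    for name, pats in (("thread", THREAD_PATTERNS), ("anchored", ANCHORED_PATTERNS)):
        print(name)
        for path, hit in audit(pats).items():
            print(f"  {path:50} {hit or '-'}")
```

Under the anchored variant `.localsettings` stops matching, but everything below `~/.local` still takes the nsplugin type, so tightening the regex alone does not narrow the tree.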
* New domain for nsplugin
@ 2008-05-19 22:25 Daniel J Walsh
  0 siblings, 0 replies; 3+ messages in thread
From: Daniel J Walsh @ 2008-05-19 22:25 UTC
To: SE Linux

[-- Attachment #1: Type: text/plain, Size: 1 bytes --]

[-- Attachment #2: apps_nsplugin.patch.gz --]
[-- Type: application/x-gzip, Size: 2782 bytes --]