Is labelling the .adobe location correct here? I got the impression from
the discussion that this might not be the way to go taking into account
that other domains need access to the .adobe location as well.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://oss.tresys.com/pipermail/refpolicy/attachments/20121017/2232e661/attachment.html
Yes i like dwalshs' idea of trying to make it so that mozilla plugin
doesnt need to access mozilla home content
Since it seems that mozilla plugin might need to exec/mmap/execmod
plugin files i decided to try and label that content with a new
mozilla_plugin_home_t type
mozilla plugin can exec/mmap that content and conditionally execmod it
I have also taken your comment about application needing access to
~/.adobe and that people do not trust flash
And so i think i am meeting halfway with this solution. It is not such a
bug problem if other browsers need access to mozilla_plugin_home_t ( not
as big of a problem than them needing access to mozilla_home_t)
but the content still have a private type so that we can block access to
it
A seperate flash_home_t type is giving too much credit to adobe ( I just
think its not needed a generic mozilla_plugin_home type for all those
plugins should be fine i believe)
On Wed, 2012-10-17 at 14:50 +0200, Sven Vermeulen wrote:
> Is labelling the .adobe location correct here? I got the impression
> from the discussion that this might not be the way to go taking into
> account that other domains need access to the .adobe location as well.
>
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy