From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Thu, 03 Sep 2009 08:58:09 -0400
Subject: [refpolicy] [PATCH] make firefox transition to mozilla_exec_t
In-Reply-To: <4A987395.8020106@tycho.nsa.gov>
References: <4A987395.8020106@tycho.nsa.gov>
Message-ID: <1251982692.12471.6.camel@gorn>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Fri, 2009-08-28 at 20:17 -0400, Eamon Walsh wrote:
> I need the following to get firefox to run in mozilla_t.  I'm not
> sure 
> if the current behavior is intended (running it in user_t).

This doesn't apply.  It looks like you're still using an svn checkout,
rather than git.

> 
> 
> 
> 
> 
> 
> differences
> between files
> attachment
> (refpolicy_mozilla_exec_fix.patch)
> 
> Index: kernel/corecommands.fc
> ===================================================================
> --- kernel/corecommands.fc      (revision 3012)
> +++ kernel/corecommands.fc      (working copy)
> @@ -156,7 +156,6 @@
>  /usr/lib/ccache/bin(/.*)?              gen_context(system_u:object_r:bin_t,s0)
>  /usr/lib/pgsql/test/regress/.*\.sh
> --  gen_context(system_u:object_r:bin_t,s0)
>  /usr/lib/qt.*/bin(/.*)?                        gen_context(system_u:object_r:bin_t,s0)
> -/usr/lib(64)?/[^/]*firefox[^/]*/firefox --
> gen_context(system_u:object_r:bin_t,s0)
>  /usr/lib(64)?/apt/methods.+    --      gen_context(system_u:object_r:bin_t,s0)
>  /usr/lib(64)?/ConsoleKit/scripts(/.*)? gen_context(system_u:object_r:bin_t,s0)
>  /usr/lib(64)?/ConsoleKit/run-session.d(/.*)?
> gen_context(system_u:object_r:bin_t,s0)
> Index: apps/mozilla.fc
> ===================================================================
> --- apps/mozilla.fc     (revision 3012)
> +++ apps/mozilla.fc     (working copy)
> @@ -28,4 +28,5 @@
>  /usr/lib(64)?/mozilla[^/]*/reg.+
> --    gen_context(system_u:object_r:mozilla_exec_t,s0)
>  /usr/lib(64)?/mozilla[^/]*/mozilla-.* --
> gen_context(system_u:object_r:mozilla_exec_t,s0)
>  /usr/lib(64)?/firefox[^/]*/mozilla-.* --
> gen_context(system_u:object_r:mozilla_exec_t,s0)
> +/usr/lib(64)?/[^/]*firefox[^/]*/firefox --
> gen_context(system_u:object_r:mozilla_exec_t,s0)
>  /usr/lib(64)?/[^/]*firefox[^/]*/firefox-bin --
> gen_context(system_u:object_r:mozilla_exec_t,s0)
> 
-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150