From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Sat, 16 Apr 2011 14:30:51 +0200
Subject: [refpolicy] [PATCH 05/15] Allow mozilla/firefox to manage tempfiles
In-Reply-To: <4D89F14D.5070500@tresys.com>
References: <20110309211121.GA4682@siphos.be> <4D89F14D.5070500@tresys.com>
Message-ID: <20110416123051.GA13024@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Wed, Mar 23, 2011 at 09:10:37AM -0400, Christopher J. PeBenito wrote:
> On 03/09/11 16:11, Sven Vermeulen wrote:
> > +type mozilla_tmp_t;
> > +files_tmp_file(mozilla_tmp_t)
> > +ubac_contrained(mozilla_tmp_t)
> > +
> > ########################################
> > #
> > # Local policy
> > @@ -68,6 +72,10 @@ manage_fifo_files_pattern(mozilla_t, mozilla_tmpfs_t, mozilla_tmpfs_t)
> > manage_sock_files_pattern(mozilla_t, mozilla_tmpfs_t, mozilla_tmpfs_t)
> > fs_tmpfs_filetrans(mozilla_t, mozilla_tmpfs_t, { file lnk_file sock_file fifo_file })
> >
> > +manage_files_pattern(mozilla_t, mozilla_tmp_t, mozilla_tmp_t)
> > +manage_dirs_pattern(mozilla_t, mozilla_tmp_t, mozilla_tmp_t)
> > +files_tmp_filetrans(mozilla_t, mozilla_tmp_t, { file dir } )
> > +
> > kernel_read_kernel_sysctls(mozilla_t)
> > kernel_read_network_state(mozilla_t)
> > # Access /proc, sysctl

The mozilla_tmp_t is used by firefox to create /tmp/plugtmp/plugin-crossdomain.xml (for instance while viewing Youtube streams).

> > @@ -142,6 +150,8 @@ miscfiles_dontaudit_setattr_fonts_dirs(mozilla_t)
> > sysnet_dns_name_resolve(mozilla_t)
> >
> > userdom_use_user_ptys(mozilla_t)
> > +userdom_manage_user_tmp_files(mozilla_t)
> > +userdom_manage_user_tmp_sockets(mozilla_t)
>
> Do you have more info on these? Such as what files and sockets are
> being managed?

These ones I have not been able to hit immediately, but I'll run a while without to see if I can get the information back.

Wkr,
	Sven Vermeulen
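Review bot: `ubac_contrained(mozilla_tmp_t)` in the type-declaration hunk at the top of the quoted patch is misspelled; the refpolicy interface is `ubac_constrained()`, and a call to an interface name that does not exist is not expanded by m4 and breaks the policy build rather than silently applying the UBAC constraint. Change the line to `ubac_constrained(mozilla_tmp_t)`.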
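Review bot: in the `@@ -68,6 +72,10 @@` hunk, `files_tmp_filetrans(mozilla_t, mozilla_tmp_t, { file dir } )` carries a stray space before the closing parenthesis, and the dirs pattern conventionally precedes the files pattern in refpolicy modules; more importantly, the reason for the new type (the `/tmp/plugtmp/plugin-crossdomain.xml` file that firefox creates, as stated in the reply below the hunk) is not recorded in the patch description, so the purpose of the transition is lost once the thread is gone. Suggest reordering to
`manage_dirs_pattern(mozilla_t, mozilla_tmp_t, mozilla_tmp_t)`
`manage_files_pattern(mozilla_t, mozilla_tmp_t, mozilla_tmp_t)`
`files_tmp_filetrans(mozilla_t, mozilla_tmp_t, { file dir })`
and adding the plugtmp use case to the commit message.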
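Review bot: `userdom_manage_user_tmp_files(mozilla_t)` and `userdom_manage_user_tmp_sockets(mozilla_t)` in the `@@ -142,6 +150,8 @@` hunk grant mozilla_t create, write and delete access over every user_tmp_t file and socket in /tmp, not only the mozilla_tmp_t objects this patch introduces, which undercuts the point of giving the browser a private tmp type; the reply also confirms no denial has yet been observed that requires them. Drop both lines from this patch and resubmit them separately with the AVC denial that motivates them, at which point a narrower permission (for example write access to one specific socket rather than manage over all user tmp sockets) may be enough.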