From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Fri, 27 Jul 2012 11:12:18 +0200
Subject: [refpolicy] kdialog and Chromium
In-Reply-To: <201207271614.43908.russell@coker.com.au>
References: <201207271614.43908.russell@coker.com.au>
Message-ID: <20120727091218.GB13778@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Fri, Jul 27, 2012 at 04:14:43PM +1000, Russell Coker wrote:
> Currently on Debian/Wheezy it's impossible to download files in Chromium when
> you are running a KDE session.
>
> Chromium launches kdialog to display the dialog box to ask where the file
> should be saved. kdialog wants to write to files such as
> ~/.kde/share/config/kdebugrc.lock which isn't permitted for mozilla_t.
>
> One possibility that occurs to me is to have kdialog transition to user_t.
> Transitioning from mozilla_t isn't generally a good thing, and breaks the case
> of running mozilla_t from multiple user domains (multiple user domains is
> essentially a broken feature of the policy anyway).
>
> Apart from modifying kdialog to not depend on the ability to write to
> kdebugrc.lock what can I do to solve this?

Russell, sorry for sending you previous mails privately, wasn't my intention.

As I said, I'm working on a (separate[1]) domain for chromium and hit similar
issues too (for instance when accessing ~/.pki) since I am trying to get the
browsers running without requiring access to user_home_t stuff.

Perhaps we can allow for a sharable lock file type (kde_lock_t) and allow the
domain search rights in the kde_home_t stuff (I'm assuming these are the
domains, I don't have any kde_* stuff here) and an automated file transition
when a file with the name "kdebugrc.lock" is written in kde_home_t to
kde_lock_t?

Wkr,
  Sven Vermeulen

[1] Chromium itself can be built with SELinux-enabled, but then requires that
the policy supports a domain called chromium_renderer_t (which it dynamically
transitions to). It doesn't make sense to include this in the mozilla_t
domain. Also, many companies have different policies for the browsers: the
globally supported browser has more rights (more open) whereas the other
browsers can only be used in a limited extent. I tend to use booleans to
toggle this, but then we can't use a global domain since booleans affect all
browsers in that domain.
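
A sketch of the lock-file approach proposed in the message above, added here as an illustration; it is not part of the original mail and not refpolicy's own code. It assumes, as the message does, that kde_home_t is the label on ~/.kde/share/config; the module name is hypothetical and kde_lock_t is the type the message suggests.

```selinux
policy_module(kde_lock_example, 1.0.0)

gen_require(`
	type mozilla_t, user_t;
	type kde_home_t;	# assumed label of ~/.kde/share/config
')

# Dedicated, sharable type for the KDE debug lock file.
type kde_lock_t;
files_type(kde_lock_t)

# Named file transition: only an object called "kdebugrc.lock" that is
# created in a kde_home_t directory is labeled kde_lock_t. Anything else
# created there keeps the default (parent directory) type.
# Needs a toolchain and kernel with named file transition support.
type_transition mozilla_t kde_home_t:file kde_lock_t "kdebugrc.lock";

# Every domain that may create the lock needs the same rule, otherwise
# a lock created by kdialog running in user_t would stay kde_home_t and
# the browser domain could not open it.
type_transition user_t kde_home_t:file kde_lock_t "kdebugrc.lock";

# Directory access for the browser domain. "search" is enough to reach
# an existing lock; creating and unlinking it also requires write,
# add_name and remove_name on the directory.
allow mozilla_t kde_home_t:dir { search write add_name remove_name };

# No kde_home_t:file permissions are granted to mozilla_t, so the
# directory permissions above do not let it read, create or replace the
# KDE configuration files themselves. It can only create entries that
# end up as kde_lock_t.
allow mozilla_t kde_lock_t:file manage_file_perms;

# The user domain handles the shared lock type as well.
allow user_t kde_lock_t:file manage_file_perms;
```

After loading such a module, `ls -Z ~/.kde/share/config/kdebugrc.lock` on a freshly created lock shows whether the transition applied; a lock file that already exists keeps its old label until it is relabeled or recreated.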