From: guido@trentalancia.net (Guido Trentalancia) Date: Sat, 26 Nov 2016 16:49:09 +0100 Subject: [refpolicy] [PATCH] Apache OpenOffice module In-Reply-To: References: <1480113700.5692.4.camel@trentalancia.net> Message-ID: <1480175349.13653.3.camel@trentalancia.net> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com Hello again... On Sat, 26/11/2016 at 14.53 +0100, Dominick Grift via refpolicy wrote: > On 11/25/2016 11:41 PM, Guido Trentalancia via refpolicy wrote: [...] > > +############################## > > +# > > +# Openoffice local policy > > +# > > + > > +allow ooffice_t self:process { execmem signal }; > > +allow ooffice_t self:shm create_shm_perms; > > +allow ooffice_t self:udp_socket create_socket_perms; > > the above indicated that it is probably an nss client > (auth_use_nsswitch()) Actually, auth_use_nsswitch() is probably too permissive and not needed, I think sysnet_dns_name_resolve() is more than enough... So, I am probably going to change it like that. Regards, Guido