From: guido@trentalancia.net (Guido Trentalancia) Date: Wed, 07 Dec 2016 23:06:19 +0100 Subject: [refpolicy] [PATCH v2] mozilla: allow reading generic SSL certificates In-Reply-To: <1481129401.3300.3.camel@trentalancia.net> References: <1481129401.3300.3.camel@trentalancia.net> Message-ID: <1481148379.9718.0.camel@trentalancia.net> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com Allow reading the system-wide and user-specific certificates from the mozilla domain and not just from the mozilla_plugin domain. Signed-off-by: Guido Trentalancia --- policy/modules/contrib/mozilla.te | 3 +++ 1 file changed, 3 insertions(+) diff -pruN refpolicy-git-07122016-orig/policy/modules/contrib/mozilla.te refpolicy-git-07122016/policy/modules/contrib/mozilla.te --- refpolicy-git-07122016-orig/policy/modules/contrib/mozilla.te 2016-12-07 13:39:50.051911134 +0100 +++ refpolicy-git-07122016/policy/modules/contrib/mozilla.te 2016-12-07 22:57:55.013144918 +0100 @@ -181,9 +181,12 @@ auth_use_nsswitch(mozilla_t) logging_send_syslog_msg(mozilla_t) miscfiles_read_fonts(mozilla_t) +miscfiles_read_generic_certs(mozilla_t) miscfiles_read_localization(mozilla_t) miscfiles_dontaudit_setattr_fonts_dirs(mozilla_t) +userdom_read_user_certs(mozilla_t) + userdom_use_user_ptys(mozilla_t) userdom_manage_user_tmp_dirs(mozilla_t)