From: guido@trentalancia.com (Guido Trentalancia)
Date: Sun, 05 Nov 2017 03:33:19 +0100
Subject: [refpolicy] [PATCH] mozilla: read generic SSL certificates
In-Reply-To: <1509848395.10522.2.camel@trentalancia.com>
References: <1509823283.11280.1.camel@trentalancia.com>
	<7465931.3MQntFZNdE@xev> <1509848395.10522.2.camel@trentalancia.com>
Message-ID: <1509849199.10522.14.camel@trentalancia.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Hello Russell and Christopher.

I have just posted the additional patch (as a set of 2 patches) that
relabels the generic SSL certificates as standard files.

This now requires further work to curb on the widespread use of
miscfiles_read_generic_certs() (and eventually modifications to read
etc_t and/or usr_t as appropriate).

On, 05/11/2017 at 03.19 +0100, Guido Trentalancia via
refpolicy wrote:
> Hello Russell,
> 
> I can create an additional patch that labels the certificates as
> standard files and lets the mozilla and java domains read those
> standard files.
> 
> By default, such certificate files are installed under /etc/pki/ so I
> have changed the file contexts as appropriate.

Regards,

Guido