From: guido@trentalancia.com (Guido Trentalancia)
Date: Sun, 05 Nov 2017 03:33:19 +0100
Subject: [refpolicy] [PATCH] mozilla: read generic SSL certificates
In-Reply-To: <1509848395.10522.2.camel@trentalancia.com>
References: <1509823283.11280.1.camel@trentalancia.com> <7465931.3MQntFZNdE@xev> <1509848395.10522.2.camel@trentalancia.com>
Message-ID: <1509849199.10522.14.camel@trentalancia.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Hello Russell and Christopher.

I have just posted the additional patch (as a set of 2 patches) that
relabels the generic SSL certificates as standard files.

This now requires further work to curb the widespread use of
miscfiles_read_generic_certs() (and eventually modifications to read
etc_t and/or usr_t as appropriate).

On 05/11/2017 at 03.19 +0100, Guido Trentalancia via refpolicy wrote:
> Hello Russell,
>
> I can create an additional patch that labels the certificates as
> standard files and lets the mozilla and java domains read those
> standard files.
>
> By default, such certificate files are installed under /etc/pki/ so I
> have changed the file contexts as appropriate.

Regards,

Guido