From: russell@coker.com.au (Russell Coker) Date: Sun, 05 Nov 2017 11:43:54 +1100 Subject: [refpolicy] [PATCH 2/2] contrib: let the mozilla and java domain read generic SSL certificates In-Reply-To: <1509848952.10522.10.camel@trentalancia.com> References: <1509848952.10522.10.camel@trentalancia.com> Message-ID: <29063738.lCU0cDMKUS@xev> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Sunday, 5 November 2017 3:29:12 AM AEDT Guido Trentalancia via refpolicy wrote: > Let mozilla read generic SSL certificates so that the browser > can verify them when loading HTTPS web pages. > > Let the java domain read the above mentioned files in the > standard locations. > > +files_read_etc_files(mozilla_t) auth_use_nsswitch(mozilla_t) The above should already cover that. > +files_read_etc_files(mozilla_plugin_t) auth_use_nsswitch(mozilla_plugin_t) The above should cover it. > diff -pru a/policy/modules/contrib/java.te b/policy/modules/contrib/java.te > --- a/policy/modules/contrib/java.te 2017-09-29 19:01:55.158455647 +0200 > +++ b/policy/modules/contrib/java.te 2017-11-05 03:12:56.591765740 +0100 > @@ -95,6 +95,7 @@ dev_read_rand(java_domain) > dev_dontaudit_append_rand(java_domain) > > files_read_usr_files(java_domain) > +files_read_etc_files(java_domain) > files_read_etc_runtime_files(java_domain) auth_use_nsswitch(java_t) Seems to be covered too. -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/