Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Fedora SELinux Support (http://www.linux-archive.org/fedora-selinux-support/)
-   -   selinux-policy-3.3.1-51 and browser_confine_unconfined (http://www.linux-archive.org/fedora-selinux-support/97020-selinux-policy-3-3-1-51-browser_confine_unconfined.html)

Daniel J Walsh 05-28-2008 06:46 PM

selinux-policy-3.3.1-51 and browser_confine_unconfined
 
Stefan Schulze Frielinghaus wrote:
> In policy version 3.3.1-42 a boolean browser_confine_unconfined exists
> to control firefox. Since version 3.3.1-51 it's gone and only one for
> guest exists. I checked the RPM changelog but nothing helpful. What
> happened to the other one? Does there also exist one for staff_t etc.?
>
> Best regards
> Stefan
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
No only for domains that explicitly call the mozilla_per_role_template()
interface. Currently only xguest has this.

So if you wanted to add it back for unconfined_t you could build a
policy module with

mozilla_per_role_template(unconfined, unconfined_t, unconfined_r)

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

Stefan Schulze Frielinghaus 05-28-2008 07:37 PM

selinux-policy-3.3.1-51 and browser_confine_unconfined
 
On Wed, 2008-05-28 at 14:46 -0400, Daniel J Walsh wrote:
[...]
> So if you wanted to add it back for unconfined_t you could build a
> policy module with
>
> mozilla_per_role_template(unconfined, unconfined_t, unconfined_r)

That's it. Thanks!

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list


All times are GMT. The time now is 09:31 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.