Allow mozilla/firefox to manage tempfiles
On Wed, Mar 23, 2011 at 09:10:37AM -0400, Christopher J. PeBenito wrote: > > userdom_use_user_ptys(mozilla_t) > > +userdom_manage_user_tmp_files(mozilla_t) > > +userdom_manage_user_tmp_sockets(mozilla_t) > > Do you have more info on these? Such as what files and sockets are > being managed? Not anymore apparently. Been running now for quite some time without these privileges and I get no problems with it. Retry: Mozilla/Firefox creates temporary files for its plugin support (for instance while viewing flc streams), like /tmp/plugtmp/plugin-crossdomain.xml. Update policy to allow it to create its own tmp type and perform a file transition when creating a file or directory in a tmp_t location (like /tmp). Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
This commit is contained in:
parent
8cd36efcd9
commit
f28f89acb8
@ -33,6 +33,12 @@ typealias mozilla_tmpfs_t alias { auditadm_mozilla_tmpfs_t secadm_mozilla_tmpfs_
|
|||||||
files_tmpfs_file(mozilla_tmpfs_t)
|
files_tmpfs_file(mozilla_tmpfs_t)
|
||||||
ubac_constrained(mozilla_tmpfs_t)
|
ubac_constrained(mozilla_tmpfs_t)
|
||||||
|
|
||||||
|
type mozilla_tmp_t;
|
||||||
|
typealias mozilla_tmp_t alias { user_mozilla_tmp_t staff_mozilla_tmp_t sysadm_mozilla_tmp_t };
|
||||||
|
typealias mozilla_tmp_t alias { auditadm_mozilla_t secadm_mozilla_t };
|
||||||
|
files_tmp_file(mozilla_tmp_t)
|
||||||
|
ubac_constrained(mozilla_tmp_t)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
# Local policy
|
# Local policy
|
||||||
@ -68,6 +74,10 @@ manage_fifo_files_pattern(mozilla_t, mozilla_tmpfs_t, mozilla_tmpfs_t)
|
|||||||
manage_sock_files_pattern(mozilla_t, mozilla_tmpfs_t, mozilla_tmpfs_t)
|
manage_sock_files_pattern(mozilla_t, mozilla_tmpfs_t, mozilla_tmpfs_t)
|
||||||
fs_tmpfs_filetrans(mozilla_t, mozilla_tmpfs_t, { file lnk_file sock_file fifo_file })
|
fs_tmpfs_filetrans(mozilla_t, mozilla_tmpfs_t, { file lnk_file sock_file fifo_file })
|
||||||
|
|
||||||
|
manage_files_pattern(mozilla_t, mozilla_tmp_t, mozilla_tmp_t)
|
||||||
|
manage_dirs_pattern(mozilla_t, mozilla_tmp_t, mozilla_tmp_t)
|
||||||
|
files_tmp_filetrans(mozilla_t, mozilla_tmp_t, { file dir })
|
||||||
|
|
||||||
kernel_read_kernel_sysctls(mozilla_t)
|
kernel_read_kernel_sysctls(mozilla_t)
|
||||||
kernel_read_network_state(mozilla_t)
|
kernel_read_network_state(mozilla_t)
|
||||||
# Access /proc, sysctl
|
# Access /proc, sysctl
|
||||||
|
Loading…
Reference in New Issue
Block a user