[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: selinux-policy-3.3.1-51 and browser_confine_unconfined

From: Daniel J Walsh <dwalsh redhat com>
To: Stefan Schulze Frielinghaus <stefan seekline net>
Cc: fedora-selinux-list redhat com
Subject: Re: selinux-policy-3.3.1-51 and browser_confine_unconfined
Date: Wed, 28 May 2008 14:46:42 -0400

Stefan Schulze Frielinghaus wrote:
> In policy version 3.3.1-42 a boolean browser_confine_unconfined exists
> to control firefox. Since version 3.3.1-51 it's gone and only one for
> guest exists. I checked the RPM changelog but nothing helpful. What
> happened to the other one? Does there also exist one for staff_t etc.?
> 
> Best regards
> Stefan
> 
> --
> fedora-selinux-list mailing list
> fedora-selinux-list redhat com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
No only for domains that explicitly call the mozilla_per_role_template()
interface.  Currently only xguest has this.

So if you wanted to add it back for unconfined_t you could build a
policy module with

mozilla_per_role_template(unconfined, unconfined_t, unconfined_r)

Follow-Ups:
- Re: selinux-policy-3.3.1-51 and browser_confine_unconfined
  - From: Stefan Schulze Frielinghaus

References:
- selinux-policy-3.3.1-51 and browser_confine_unconfined
  - From: Stefan Schulze Frielinghaus

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]