Still unconfined?
Daniel J Walsh
dwalsh at redhat.com
Tue Nov 28 19:46:21 UTC 2006
Jimmy wrote:
> Hi!
>
> Im trying to learn SELinux from bottom up, but having some fundamental
> issues regarding the basics.
> Im trying to load the mozilla.pp module in targeted, which works fine.
> I set the correct contexts with restorecon on firefox-bin. But when i
> run the binary it stills runs in unconfined_t when looking at running
> processes (ps auxZ).
> Ivé tried to compile it myself from different sources, and load it,
> but get the same results all the time. Then i tried with netutils.pp
> and discovered the same problem witrh ping.
>
> Why doesnt firefox get transfered to the $1_mozilla_t domain??? I know
> im making some really fundamental mistake somewhere, but i cant find
> out what it is!
>
> With best regards / Tomten
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
You need to write a transition rule from unconfined_t to mozilla_t
Something like
mozilla_per_role_template(user, unconfined_t, system_r)
But there is a bug in policy right now
gen_require(`
type mozilla_exec_t;
type mozilla_conf_t;
')
Needs to be added to the mozilla_per_role_template interface definition.
More information about the fedora-selinux-list
mailing list