Latest Seamonkey update
Jakub Jelinek
jakub at redhat.com
Tue Aug 15 23:40:15 UTC 2006
On Tue, Aug 15, 2006 at 07:30:25PM -0400, Jim Cornette wrote:
> locate libxpcom_core.so
> /usr/lib/firefox-1.5.0.6/libxpcom_core.so
> /usr/lib/seamonkey-1.0.4/libxpcom_core.so
> /usr/lib/thunderbird-1.5.0.5/libxpcom_core.so
> # ls -lZ /usr/lib/firefox-1.5.0.6/libxpcom_core.so
> -rwxr-xr-x root root system_u:object_r:textrel_shlib_t
> # ls -lZ /usr/lib/seamonkey-1.0.4/libxpcom_core.so
> -rwxr-xr-x root root system_u:object_r:lib_t
> # ls -lZ /usr/lib/thunderbird-1.5.0.5/libxpcom_core.so
> -rwxr-xr-x root root system_u:object_r:textrel_shlib_t
>
> I don't mind the browser being replaced with an individual application
> vs a suite of integrated applications for email, browsing and editing. I
> miss the missing editing feature the most.
>
> How in the world do you get seamonkey and its corresponding .so files
> into the selinux fold? Or better yet, are there guidelines and
> assistance given to the Fedora-Extras maintainer that allow their rpms
> to set items to the needed SELinux content, in order to work out of the box?
Best cure is avoid DT_TEXTREL shared libraries. Even on the platforms
that (in a limited way) allow them, they are very costly and insecure.
See
http://people.redhat.com/drepper/textrelocs.html
for details. If you fix it up, you don't need any special selinux policy
changes.
Jakub
More information about the fedora-list
mailing list