acroread again
Joachim Selke
selke at thi.uni-hannover.de
Thu May 18 11:18:45 UTC 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
one or two weeks ago the Adobe Reader RPM from Adobe got a special
treatment in default policy (FC5). It looks like this:
| semanage fcontext -l | grep -Ei 'adobe|intellinux'
| /usr/(local/)?acroread/(.*/)?intellinux/nppdf\.so regular file
system_u:object_r:textrel_shlib_t:s0
| /usr/(local/)?Adobe/.*\.api regular file
system_u:object_r:textrel_shlib_t:s0
| /usr/(local/)?Adobe/(.*/)?lib/[^/]*\.so(\.[^/]*)* regular file
system_u:object_r:textrel_shlib_t:s0
| /usr/(.*/)?intellinux/SPPlugins/ADMPlugin\.apl regular file
system_u:object_r:textrel_shlib_t:s0
| /usr/(local/)?Adobe/(.*/)?intellinux/nppdf\.so regular file
system_u:object_r:textrel_shlib_t:s0
But there is a repackaged version of this RPM available from Dries RPM
Repository
(<http://dries.studentenweb.org/rpm/packages/acroread/info.html>), which
fixes some problems with the original RPM and changes the install path
from /usr/local/Adobe/Acrobat7.0 to /usr/lib/acroread.
But this change bypasses the rules for acroread in current default
policy. Can these rules be extended so that they cover the acroread RPM
from Dries RPM Repository?
Joachim
- --
B. Sc. Joachim Selke
Universität Hannover, Institut für Theoretische Informatik
Appelstraße 4, 30167 Hannover, Germany
<http://www.thi.uni-hannover.de/>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
iD8DBQFEbFgVq7fYj4TsIUwRAvRCAJsFVzD+/5keLPbUuDLes3jkGhXZUQCglzHJ
/mCEUanWqbf66R7sELGp7Co=
=GeKx
-----END PGP SIGNATURE-----
More information about the fedora-selinux-list
mailing list