On Tue, Aug 15, 2006 at 07:30:25PM -0400, Jim Cornette wrote: > locate libxpcom_core.so > /usr/lib/firefox-1.5.0.6/libxpcom_core.so > /usr/lib/seamonkey-1.0.4/libxpcom_core.so > /usr/lib/thunderbird-1.5.0.5/libxpcom_core.so > # ls -lZ /usr/lib/firefox-1.5.0.6/libxpcom_core.so > -rwxr-xr-x root root system_u:object_r:textrel_shlib_t > # ls -lZ /usr/lib/seamonkey-1.0.4/libxpcom_core.so > -rwxr-xr-x root root system_u:object_r:lib_t > # ls -lZ /usr/lib/thunderbird-1.5.0.5/libxpcom_core.so > -rwxr-xr-x root root system_u:object_r:textrel_shlib_t > > I don't mind the browser being replaced with an individual application > vs a suite of integrated applications for email, browsing and editing. I > miss the missing editing feature the most. > > How in the world do you get seamonkey and its corresponding .so files > into the selinux fold? Or better yet, are there guidelines and > assistance given to the Fedora-Extras maintainer that allow their rpms > to set items to the needed SELinux content, in order to work out of the box? Best cure is avoid DT_TEXTREL shared libraries. Even on the platforms that (in a limited way) allow them, they are very costly and insecure. See http://people.redhat.com/drepper/textrelocs.html for details. If you fix it up, you don't need any special selinux policy changes. Jakub
