Jim Cornette wrote:
Rahul wrote:
Jim Cornette wrote:
I don't mind the browser being replaced with an individual
application vs a suite of integrated applications for email, browsing
and editing. I miss the missing editing feature the most.
How in the world do you get seamonkey and its corresponding .so files
into the selinux fold? Or better yet, are there guidelines and
assistance given to the Fedora-Extras maintainer that allow their
rpms to set items to the needed SELinux content, in order to work out
of the box?
Just file a bug report with the relevant information in this thread.
There is a draft guide that package maintainers can follow to write
policies when required. SELinux denials can also indicate broken code
which needs to be fixed.
http://fedoraproject.org/wiki/PackagingDrafts/SELinux/PolicyModules
For end user docs, see http://fedoraproject.org/wiki/SELinux
Rahul
Thanks for the links. I am still having troubles grasping the management
of SELinux. It is debatable as to how far one is willing to venture in
order to get a desired program to work or just render SELinux totally
ineffective by putting it in permissive or disabling it altogether.
With a modification applied that firefox and thunderbird use in selinux
policies, seamonkey works again and SELinux is crippled as it is for
other mozilla derived applications. It is active again though.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=202642
leads to the previously discussed bug which was closed. Comment #8 from
the close bug report works to allow SELinux to remain in enforcing
instead of disabled systemwide.
Until such time as the contexts are fixed in selinux-policy, this should
work:
# semanage fcontext -a -f -- -t textrel_shlib_t
'/usr/lib(64)?/seamonkey.*\.so'
# restorecon -rv /usr/lib*/seamonkey*
(that's two commands, in case of line-wrap)
This should not only survive a relabel but should also result in
seamonkey updates getting the right contexts as soon as they're installed.
Paul.
