diff --git a/policy/modules/apps/screen.if b/policy/modules/apps/screen.if index f65b59f..48eb884 100644 --- a/policy/modules/apps/screen.if +++ b/policy/modules/apps/screen.if @@ -54,7 +54,7 @@ template(`screen_per_role_template',` type $1_screen_ro_home_t; files_type($1_screen_ro_home_t) - type $1_screen_var_run_t;; + type $1_screen_var_run_t; files_pid_file($1_screen_var_run_t) ######################################## diff --git a/policy/modules/apps/thunderbird.if b/policy/modules/apps/thunderbird.if index 839142d..1e5f7a1 100644 --- a/policy/modules/apps/thunderbird.if +++ b/policy/modules/apps/thunderbird.if @@ -326,13 +326,6 @@ template(`thunderbird_per_role_template',` # A similar thing might be necessary for mozilla compiled without GNOME # support (is this possible?). - # FIXME: Why does it try to do that? - #dontaudit $1_thunderbird_t evolution_exec_t:file { getattr execute }; - - # Why is thunderbird looking in .mozilla ? - # FIXME: there are legitimate uses of invoking the browser - about -> release notes - dontaudit $1_thunderbird_t $1_mozilla_home_t:dir search; - # Start links in web browser ifdef(`mozilla.te', ` can_exec($1_thunderbird_t, shell_exec_t) @@ -345,7 +338,7 @@ template(`thunderbird_per_role_template',` gnome_file_dialog($1_thunderbird, $1) allow $1_thunderbird_t $1_gnome_settings_t:file { read write }; ') - optinal_policy(`dbus',` + optinal_policy(` allow $1_t $2_dbusd_t:dbus send_msg; ifdef(`cups.te', ` allow cupsd_t $1_t:dbus send_msg;