Fedora (again) forces me to disable SELinux

Rahul Sundaram sundaram at fedoraproject.org
Sat Apr 5 12:08:12 UTC 2008


Daniel J Walsh wrote:

> During the Beta I have been turning on a transition boolean for
> nsplugin.  This transition is from unconfined_t to nsplugin_t.  The
> attempt here is to confine random code like flashplugin/acrobat and
> other closed source programs that read random data from the internet
> from attacking your machine.  I have to turn it on by default in
> Rawhide/Beta to find out what problems it causes.  I will probably turn
> it off when we release, to prevent it causing problems, for people like you.
> 
> I write about the change in
> 
> danwalsh.livejournal.com/15700.html
> 
> There is a potential real security gain from this, but we need to
> experiment to figure out how we can benefit the greatest number of users.
> 
> I agree we need to tread lightly when adding new SELinux confinement to
> the users, but we still have an ability that could really advance
> computer security.

Please send a note to fedora-devel/fedora-test list when making 
important changes like this so people know what to expect and can give 
feedback accordingly.

Rahul



