writing a firefox policy

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Thu Jul 20 14:38:40 UTC 2006


On Thu, 20 Jul 2006 10:28:09 EDT, Matthew Miller said:
> On Thu, Jul 20, 2006 at 05:38:49AM -0400, Valdis.Kletnieks at vt.edu wrote:
> > serve as a starting point.  One *big* constraint you can put on it is
> > to prevent looking at any files in /home except ~/.mozilla and ~/Downloads
> > (or whatever you decide to call it) (Some finessing to allow reading of
> > ~ so you can get to ~/.mozilla is a Good Idea :)
> 
> If Firefox is restricted to downloading to only specific directories, the
> option to change the default download directory should be removed from the
> UI. I'm not sure that's desirable.

You're *still* going to need that option, because Firefox may not be restricted
in all environments, and the actual directory name may not be cast in stone. In
particular, the policy has this:

HOME_DIR/\.mozilla(/.*)?                gen_context(system_u:object_r:ROLE_mozilla_home_t,s0)

Any other directory labelled as ROLE_mozilla_home_t will work as well (and in
fact, I have several such directories - a ~/Downloads where most small stuff
goes, and another directory on another filesystem for downloading .iso and
similar....)
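
An added illustration, not part of the original message or of the policy sources: a simplified model of how the quoted file-context line resolves to a type, showing why ~/.mozilla picks up the mozilla type by path while a download directory only gets it when labelled explicitly. The HOME_DIR/.+ default entry, the "user" role prefix, the sample paths and the "last matching entry wins" rule are assumptions of this sketch.

```python
import re

# Constructed spec list: the second line is the one quoted in the message;
# the first is an assumed default entry for everything else under a home dir.
SPECS = r"""
HOME_DIR/.+                     gen_context(system_u:object_r:ROLE_home_t,s0)
HOME_DIR/\.mozilla(/.*)?        gen_context(system_u:object_r:ROLE_mozilla_home_t,s0)
"""

def expand(specs, home, role):
    """Substitute the HOME_DIR and ROLE templates; return [(regex, type)]."""
    rules = []
    for line in specs.strip().splitlines():
        pattern, context = line.split()
        pattern = pattern.replace("HOME_DIR", re.escape(home))
        se_type = re.search(r"object_r:(\w+)", context).group(1)
        rules.append((re.compile(pattern), se_type.replace("ROLE", role)))
    return rules

def label_for(path, rules):
    """Type a path would get from the specs alone (anchored match, last match wins)."""
    result = None
    for regex, se_type in rules:
        if regex.fullmatch(path):
            result = se_type
    return result

def needs_explicit_label(dirs, rules, wanted):
    """Directories that the path-based specs would NOT give the wanted type."""
    return [d for d in dirs if label_for(d, rules) != wanted]

if __name__ == "__main__":
    rules = expand(SPECS, "/home/alice", "user")   # hypothetical user and role
    for p in ("/home/alice/.mozilla/firefox/prefs.js",
              "/home/alice/Downloads",
              "/srv/big/iso"):
        print(p, "->", label_for(p, rules))
    print(needs_explicit_label(["/home/alice/.mozilla", "/home/alice/Downloads",
                                "/srv/big/iso"], rules, "user_mozilla_home_t"))
```

Directories reported by needs_explicit_label() are the ones that have to be given the mozilla home type by hand, which is the situation the message describes for ~/Downloads and the .iso directory.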
