nspluginwrapper and .PDF files

Daniel J Walsh dwalsh at redhat.com
Tue Dec 2 20:52:28 UTC 2008 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Paul C. Rauser wrote:
> Over the past several days, I have begin to experiment with enabling the allow_unconfined_nsplugin_transition boolean in a F10 test environment.
> 
> One of the most consistent demands from my test users/potential security threats is the ability to open .PDF files.  Using mozplugger to do this launches evince, which throws AVCs all over and is probably undesirable anyway for the reasons listed in Dan Walsh's Nov 4 blog post on http://danwalsh.livejournal.com/
> 
> On the other hand, removing mozplugger and using the Adobe Acrobat 8.1.3 Firefox plugin throws lots of AVCs of its own -- and even more when doing things like printing -- and thus may not be the way to go.
> 
> If allow_unconfined_nsplugin_transition is to be useful in user land, it seems that the boolean should allow .PDF opening/saving/printing out of the box using either evince or Adobe's reader.  I am happy to bugzilla the AVCs for one or the other and help with testing -- any preference in the community for which one?
> 
> 
> 
> Paul C. Rauser 
> ægis law group LLP 
> 901 F Street, N.W. 
> Suite 500 
> 
> Washington, D.C. 20004 
> T: 202 737 3375 
> F: 202 737 3330 
> E: prauser at aegislawgroup.com 
> 
> NOTICE: This communication from Aegis Law Group LLP may contain information that is legally privileged, confidential, or exempt from disclosure. If you are not the intended recipient, please note that any disclosure, copying, distribution, or use of the contents of this information is strictly prohibited. If you have received this electronic transmission in error, please notify the sender immediately by telephone or by return e-mail and delete all copies. 
> 
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Make sure your home directory is properly labeled and install the latest
selinux policy.  selinux-policy-3.5.13-26

# yum upgrade selinux-policy\* --enablerepo=updates-testing
# restorecon -R -v /home

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkk1oAwACgkQrlYvE4MpobOw3QCfbqFd/HMm3xMIRSoluXuAhexM
6v0AniFlrcR/+fOy1SkbvBoLjh8H4G94
=eCmI
-----END PGP SIGNATURE-----

More information about the fedora-selinux-list mailing list