firefox problems with: browser_confine_unconfined --> on
Christoph A.
casmls at gmail.com
Tue May 13 14:25:02 UTC 2008
Daniel J Walsh wrote:
> Well I don't really believe in confining firefox in this way, because of
> the transitions available.
>
>
> You can confine nsplugin though
>
> http://danwalsh.livejournal.com/15700.html
>
>
> The problem with confining firefox is somewhat covered in this article,
> but where it really breaks is in helper applications.
Yes, I'm a reader of your blog (thanks for posting this interessting
informations)
> unconfined_mozilla_t runs ooffice and office ends up in
> unconfined_mozilla_t but if thunderbird or you launch ooffice directly
> it runs unconfined_t and things get confused.
For me it would be fine to save a file (pdf, odt, ..) to disk
(~/Downloads) prior to open it with the apropriate program (pdf-reader,
openoffice, ...) in the unconfined_t domain and not starting these
programs directly within firefox.
I admit that normal enduser would not like this extra step just to get
more security.
regards,
Christoph A.
More information about the fedora-selinux-list
mailing list