where can I find source policy for Mozilla Browser (Firefox)
Jason Edgecombe
jason at rampaginggeek.com
Sat Sep 20 20:27:43 UTC 2008
yiruli at ccsl.carleton.ca wrote:
> Hi,
> Where can I find the source policy for Mozilla Firefox?
>
> From the SELinux administration tool, I see that Mozilla module has
> been loaded?
>
> But I find the following through the command "ps -Z":
> unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2600 ? 00:17:34
> firefox
>
> Can I say that the policy for Firefox in my machine is not enforced yet?
>
> How can I make the policy be enforced?
>
> What is the status of the policy writing for Firefox?
> In one web article, Dan said that the policy writing for Firefox has
> little success due to its variant behaviour.
What about changing the root password, then giving the customer (and
other internal people) access vis sudo with an auditing shell like eash.
They still have a root shell, it's just audited now.
See http://www.rootprompt.org/article.php3?article=10015
If you don't have selinux, then you can also write library that logs the
system calls that you want and load it with LD_PRELOAD in a script that
is run via sudo.
Jason
More information about the fedora-selinux-list
mailing list