On Sat, Feb 12, 2011 at 22:25:41 -0600, Robert Nichols <rnicholsNOSPAM@xxxxxxxxxxx> wrote: > > All the plugins on my F-14 and F-12 machines have context > system_u:object_r:lib_t with the exception of nppdf.so which > is unconfined_u:object_r:lib_t. Nothing there that's going to > cause a transition out of unconfined_t. This is the article that I probably remember this from. There is a plugin wrapper that is used to have a transition. It also talks about some of the issues with trying to confine a web browser. http://danwalsh.livejournal.com/15700.html?thread=117076 > I keep hearing noise about how vital it is to have SELinux protecting > against browser exploits, but I've yet to see any evidence that a > standard (i.e., targeted policy) SELinux installation has anything > beyond execmem protection for the browser process, or, for that matter, > for a lot of other vulnerable targets such as the thunderbird mail > reader or the evince and acroread document viewers. It's probably even more important for mail clients since they process unsolicited data. -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
