Les Mikesell wrote:
I already gave you the link earlier. Nspluginwrapper is installed by
default which can run plugins in a separate memory address making it
possible to confine it by policy. If a flash plugin tries to access
files under .ssh for example, SELinux policy can prevent that as a
obvious violation.
That hasn't been released yet has it?
It is available in rawhide and will be part of Fedora 9 release at the
end of this month. I am not sure whether it is getting backported to
previous releases but probably not.
Are there policies that actually
do something useful that are known not to break anything?
Sure it does. Again read the link at
http://danwalsh.livejournal.com/15700.html#cutid1
Rahul
