The problem is scale and antitrust. MSFT can't bundle even basic virus checking because of all the antitrust grief it would get from the existing add-on industry.

How does Fedora's SELinux setup handle those pesky little ".desktop" files? Does a command in a .desktop file run at the same privilege level as if the user had done an alt-f2 and typed it?

Well, it depends on the pain you want to handle. If you use a confined user, you can turn off the execution of anything in the home directory. If you are running nsplugin, then plugins will only be able to write to certain directories. Of course, the pain point for truly confining the web browser is where users start to complain. Currently, with policy, we cannot differentiate between a user downloading a file to his home directory through the web browser and the browser doing it on its own.

I can add to this that, for security reasons, I created a different user, from which I run Firefox and Opera. That user has no write/read rights to my own files. We share a 'downloads' directory with him, and I use it to transfer files in both directions. So no one who might hack my browser can do really bad things.

I have an F10 box with SELinux in permissive mode. The endless deluge of exceptions and crashes in setroubleshootd does not inspire confidence. You may be able to hide this disaster from your mother somehow, but it's still there.

Have you submitted bugzillas?

Contact my email directly and I will look at what is going on.


Thanks, Dan. I did file one or two in the past but it always was an outdated policy (and even a missing relabel one), a PEBKAC. This box is updated though.

Well, send me your audit.log and I can look at it quick.

I think we should mention here that the box in question is a result of an upgrade (presumably a fresh install of F10 would work fine).

Yes, your problems stem from an upgrade from F8 to F9 or F10, which caused the SELinux login database to be fubar.

