[CentOS] Advanced Persistent Threats; Why aren't we confining Firefox and Evolution?

Gordon Messmer yinyang at eburg.com
Fri Dec 7 23:49:05 UTC 2012


On 12/06/2012 06:05 PM, David McGuffey wrote:
> Why aren't Firefox and Evolution confined with SELinux policy in a way
> that APT can't damage the rest of the system? Why are we not sandboxing
> these two apps with SELinux?

Probably mostly because when you sandbox an X11 application, you can't 
copy and paste in or out of the application.  Most users want to do that.


