Daniel,
Can the Firefox profile file hierarchy be sandboxed? So everything downloaded within the profile cache is sandboxed. More like if any application accesses something in a particular folder, sandboxing automatically kicks in.
On Fri, Dec 7, 2012 at 5:49 AM, Daniel J Walsh dwalsh@redhat.com wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 12/06/2012 09:05 PM, David McGuffey wrote:
Moat of the advanced persistent threats (APT) are initiated via e-mail. Opening an attachment or clicking on a web link starts the process.
Why isn't Firefox and Evolution confined with SELinux policy in a way
that
APT can't damage the rest of the system? Why are we not sandboxing these two apps with SELinux?
I've discovered some guidance for sandboxing Firefox using the 'sandbox' command. Once I test it a bit, I'll post the results back here. Seems
to
me that if this works, it should be the default.
DaveM
_______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Very difficult to sandbox thunderbird and firefox. But sandbox tool actually works well for sandboxing viewers of downloaded data. I sandbox all content that will be viewed by evince and libreoffice. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with undefined - http://www.enigmail.net/
iEYEARECAAYFAlDB19QACgkQrlYvE4MpobPbugCfZfbdFXIDLwSk1/hXvXaHvVDS cPcAoOGg4eOtAPYVZvqcMmpB8fke1Q0d =krFW -----END PGP SIGNATURE----- _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos