Let us know how it goes. I thought I followed one of Daniel Walsh's blog posts to sandbox Firefox and don't remember it being that bad, but that was well over a year ago. Since he maintained SELinux for Red Hat for a number of years, ... he probably knows what he is talking about. He was always on top of reported SELinux bugs.
You may want to check out Qubes-OS. Qubes-OS is based on Fedora by the creator of bluepill guestOS to hypervisor code.
On Thu, Dec 6, 2012 at 8:05 PM, David McGuffey davidmcguffey@verizon.net wrote:
Most of the advanced persistent threats (APT) are initiated via e-mail. Opening an attachment or clicking on a web link starts the process.
Why aren't Firefox and Evolution confined with SELinux policy in a way that APT can't damage the rest of the system? Why are we not sandboxing these two apps with SELinux?
I've discovered some guidance for sandboxing Firefox using the 'sandbox' command. Once I test it a bit, I'll post the results back here. Seems to me that if this works, it should be the default.
DaveM
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos