Let us know how it goes. i thought i followed one of Daniel Walsh's blog posts to sandbox firefox and don't remember it being that bad, but that was well over a year ago. Since he maintained selinux for RedHat for a number of years, ... he probably knows what he is talking about. He was always on top of selinux reported bugs. You may want to check out Qubes-OS. Qubes-OS is based on Fedora by the creator of bluepill guestOS to hypervisor code. On Thu, Dec 6, 2012 at 8:05 PM, David McGuffey <davidmcguffey at verizon.net>wrote: > Moat of the advanced persistent threats (APT) are initiated via e-mail. > Opening an attachment or clicking on a web link starts the process. > > Why isn't Firefox and Evolution confined with SELinux policy in a way > that APT can't damage the rest of the system? Why are we not sandboxing > these two apps with SELinux? > > I've discovered some guidance for sandboxing Firefox using the 'sandbox' > command. Once I test it a bit, I'll post the results back here. Seems > to me that if this works, it should be the default. > > DaveM > > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos >