-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 12/07/2012 06:49 PM, Gordon Messmer wrote: > On 12/06/2012 06:05 PM, David McGuffey wrote: >> Why isn't Firefox and Evolution confined with SELinux policy in a way >> that APT can't damage the rest of the system? Why are we not sandboxing >> these two apps with SELinux? > > Probably mostly because when you sandbox an X11 application, you can't copy > and paste in or out of the application. Most users want to do that. > _______________________________________________ CentOS mailing list > CentOS at centos.org http://lists.centos.org/mailman/listinfo/centos > Yes when you wrap something in sandbox, you loose the ability for these applications to communicate with the rest of the desktop. In order to secure the desktop in any real way you need to break communications, and this communications break down, hurts usability. I opt for security, and will just run evince outside my session, if I really need copy/paste. Maybe when we get to Wayland, we can make this better. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with undefined - http://www.enigmail.net/ iEYEARECAAYFAlDGAnoACgkQrlYvE4MpobPYnQCfct1/1mnGEF7JxYd06ba/00hz qRgAoOQYZjU6ZvoaIk4a2gn9uKjBxsqH =Z6ei -----END PGP SIGNATURE-----