Fedora Linux Support Community & Resources Center

Go Back   FedoraForum.org > Fedora 25/26 > Security and Privacy
FedoraForum Search

Forgot Password? Join Us!

Security and Privacy Sadly, malware, spyware, hackers and privacy threats abound in today's world. Let's be paranoid and secure our penguins, and slam the doors on privacy exploits.

Reply
 
Thread Tools Search this Thread Display Modes
  #1  
Old 27th July 2016, 03:35 PM
Hiram Abif Offline
Registered User
 
Join Date: Jul 2016
Location: USA
Posts: 2
linuxchrome
SELinux -- working the magic

My dream is that I'll one day have an SELinux profile for Firefox. Most SELinux resources I find basically say something to the effect of "leave it to the professionals." Maybe there's some SELinux profile out there for this?

I know SELinux provides a sandbox mode, but it seems too restrictive for me. I think a profile that would allow writing to the downloads folder but deny pretty much everything else would be excellent from a security perspective.

Web browsers are constantly parsing untrusted code, which makes them the most likely security flaw on the system. Locking it down with SELinux would be tremendous.
Reply With Quote
  #2  
Old 27th July 2016, 06:05 PM
Dutchy Offline
Registered User
 
Join Date: Aug 2011
Location: ~
Posts: 1,894
linuxfedorafirefox
Re: SELinux -- working the magic

The problem is that SELinux is whitelist only and label based.
This means that you would need to label everything with some distinctive label (currently the directories in my home are all user_home_t) and then adapt all your profiles to allow actions on those labels.
It can definitely be done but it is unnecessarily complex for most home users to manually do this and maintain the SELinux modules.

If you want to easily sandbox certain programs and don't require something that can keep track what process writes which piece of information then I can recommend firejail (it is in copr and the installation basically only requires that you make the firejail executable SUID).
Reply With Quote
Reply

Tags
magic , selinux , working

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
SELInux - module not working bill2012 Security and Privacy 13 9th January 2012 01:55 PM
Apple Magic Trackpad not working properly mrguitar Mac Chat 1 30th September 2010 08:00 PM
SELinux is stopping apps from working... Jeff91 Using Fedora 3 25th January 2009 11:50 PM
heroes3 (Heroes of Might and Magic III) not working under FC3 sg_sg Using Fedora 13 18th June 2005 11:24 AM


Current GMT-time: 09:30 (Wednesday, 18-10-2017)

TopSubscribe to XML RSS for all Threads in all ForumsFedoraForumDotOrg Archive
logo

All trademarks, and forum posts in this site are property of their respective owner(s).
FedoraForum.org is privately owned and is not directly sponsored by the Fedora Project or Red Hat, Inc.

Privacy Policy | Term of Use | Posting Guidelines | Archive | Contact Us | Founding Members

Powered by vBulletin® Copyright ©2000 - 2012, vBulletin Solutions, Inc.

FedoraForum is Powered by RedHat