-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Rahul Sundaram wrote:
Daniel J Walsh wrote:
> During the Beta I have been turning on a transition boolean for
> nsplugin. This transition is from unconfined_t to nsplugin_t. The
> attempt here is to confine random code like flashplugin/acrobat and
> other closed source programs that read random data from the internet
> from attacking your machine. I have to turn it on by default in
> Rawhide/Beta to find out what problems it causes. I will probably turn
> it off when we release, to prevent it causing problems, for people
> like you.
>
> I write about the change in
>
>
danwalsh.livejournal.com/15700.html
>
> This is a potential real security gain from this, but we need to
> experiment to figure out how we can benefit the greatest number of users.
>
> I agree we need to tread lightly when adding new SELinux confinement, to
> the users but we still have an ability that could really advance
> computer security.
Please send a note to fedora-devel/fedora-test list when making
important changes like this so people know what to expect and can give
feedback accordingly.
Rahul
Well I actually misspoke, this has been on for the entire Rawhide period
after FC8 shipped. I will be turning it off by default with the
shipping Fedora 9.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Using GnuPG with Fedora -
http://enigmail.mozdev.org
iEYEARECAAYFAkf3lRIACgkQrlYvE4MpobP8aACggcAiO5aS/jowKe3qyYMSWyi6
ISIAoIXPTjBP5qvJz/MR8ClDSKWCoSBg
=wCAu
-----END PGP SIGNATURE-----