On Tue, 27 Aug 2013 15:38:55 -0400
Daniel J Walsh <dwalsh(a)redhat.com> wrote:
Well in most cases Dynamic should be used. If you had a static
directory that
you wanted to use with a sandbox then you might want to choose a MCS Category
to permanently assign to it.
Say you created ~/myfirefoxhome. Then you could assign it the labels s0:c111,c222
chcon -t sandbox_file_t -l s0:c111,c222 ~/myfirefoxhome
Now you would want to allow the user to specify the permanant homedir and the
level s0:c111,c222 to run his sandbox.
That is, if homedir and tempdir labels are
different, so
must specify labels for each directory?
Example:
sandbox .... -l s0:c<HomeDir_conext1>,c<HomeDir_conext2>
-l s0:c<TempDir_conext1>,c<TempDir_conext2> ...
--
Fl@sh