-----BEGIN PGP SIGNED MESSAGE-----
On 03/26/2011 03:32 PM, Christoph A. wrote:
this post might be of interest for you if since today's update in F13
specific sandboxes are no longer working.
I used to open files from the internet via sandboxes.
For example firefox uses the following bash script to open pdf files:
sandbox -X -w 1432x821 evince "$*"
This is from originally from Dan's blog:
Since today, this no longer works due to changes in the handling of /tmp
(firefox stores the downloaded file in /tmp).
Today the policycoreutils packages was updated (2.0.83-33.7.fc13.x86_64).
The changes mention the handling of /tmp:
"fix to sandbox - Fix seunshare to use more secure handling of /tmp -
Rewrite seunshare to make sure /tmp is mounted stickybit owned by root"
which is probably related to Tavis Ormandy's post on FD
I worked around the issue and modified the bash script:
cp "$*" ~/.tmp
sandbox -X -w 1432x821 evince "/home/user/.tmp/`basename $*`"
This quick hack works for me, but maybe there is a nicer way ;)
selinux mailing list
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----