Re: Would selinux have provided protection against this firefox exploit?

On 08/08/15 08:30, William Brown wrote: > On Sat, 2015-08-08 at 08:26 +0800, Ed Greshko wrote: >> Not being a student of selinux I wonder if it would have protected users and >> the system against the recently discovered firefox exploit. >> >> https://blog.mozilla.org/security/2015/08/06/firefox-exploit-found-in-the... >> / >> > Normally firefox would run in your users context (unconfined_t), so no, this > would not have prevented it. > > Unless you run a confined user, or firefox in a sandbox, these may have limited > the scope of the damage.

Thank you. Follow up. How about system files such as /etc/passwd ?