"Workstation" Product defaults to wide-open firewall

Florian Weimer fweimer at redhat.com
Mon Dec 22 10:39:48 UTC 2014

On 12/09/2014 04:32 PM, Bastien Nocera wrote:
>>>> Is it really so awful to ask a user:
>>>> "Do you want to expose Eclipse to the network?" (of course worded
>>>> in a better way than my poor English skills can do).
>>> Probably not, but it's not implementable in the current state of
>>> things.
>> Understood.
>> Do we have a way to get there?
>> (trying to be constructive here)
> 1. Land kdbus
> 2. Implement sandboxing support, including a way for system services
>     to securely identify applications talking to them, and/or block
>     particular capabilities (such as network access, filesystem access, etc.)
> 3. Profit!

Alternatively, start confining unconfined_t and use the existing SELinux 

Florian Weimer / Red Hat Product Security
