"Workstation" Product defaults to wide-open firewall
fweimer at redhat.com
Mon Dec 22 10:39:48 UTC 2014
On 12/09/2014 04:32 PM, Bastien Nocera wrote:
>>>> Is it really so awful to ask a user:
>>>> "Do you want to expose Eclipse to the network ?" (of course worded
>>>> in a better way than my poor English skills can do).
>>> Probably not, but it's not implementable in the current state of
>> Do we have a way to get there ?
>> (trying to be constructive here)
> 1. Land kdbus
> 2. Implement sandboxing support, including a way for system services
> to securely identify applications talking to them, and/or block
> particular capabilities (such as network access, filesystem access, etc.)
> 3. Profit!
Alternatively, start confining unconfined_t and use the existing SELinux
Florian Weimer / Red Hat Product Security
More information about the devel