where can I find source policy for Mozilla Browser (Firefox)
Stephen Smalley
sds at tycho.nsa.gov
Mon Sep 22 14:42:28 UTC 2008
On Sat, 2008-09-20 at 15:14 -0400, yiruli at ccsl.carleton.ca wrote:
> Hi,
> Where can I find the source policy for Mozilla Firefox?
>
> From the SELinux administration tool, I see that Mozilla module has
> been loaded?
>
> But I find the following through the command "ps -Z":
> unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2600 ? 00:17:34 firefox
>
> Can I say that the policy for Firefox in my machine is not enforced yet?
>
> How can I make the policy be enforced?
>
> What is the status of the policy writing for Firefox?
> In one web article, Dan said that the policy writing for Firefox has
> little success due to its variant behaviour.
Try mapping your user identity to a confined user (e.g user_u or
staff_u) via semanage login or system-config-selinux, and see if that
yields firefox running in its own domain. Fedora policy likely only
defines transition from the confined user domains to the browser domain.
Or you could add a local policy module that defines a transition from
unconfined_t to mozilla_t.
--
Stephen Smalley
National Security Agency
More information about the selinux
mailing list