Announcement the se-sandbox-runner
Daniel J Walsh
dwalsh at redhat.com
Tue Aug 27 19:38:55 UTC 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 08/27/2013 03:32 PM, Fl at sh wrote:
> On Mon, 26 Aug 2013 15:30:48 -0400 Daniel J Walsh <dwalsh at redhat.com>
> wrote:
>
>> You misspelled "Secuity Level"
>>
> Could you describe in more detail a cases (or with which keys) in which the
> Security Level can to be used ? And as I now realize, I should to add into
> the "Security Level" ComboBox value "Random" (or "Default")?
>
Well in most cases Dynamic should be used. If you had a static directory that
you wanted to use with a sandbox then you might want to choose a MCS Category
to permanently assign to it.
Say you created ~/myfirefoxhome. Then you could assign it the labels s0:c111,c222
chcon -t sandbox_file_t -l s0:c111,c222 ~/myfirefoxhome
Now you would want to allow the user to specify the permanant homedir and the
level s0:c111,c222 to run his sandbox.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlIdAE8ACgkQrlYvE4MpobPi2wCeI18+c0LLZbmd+PugwiXJCvkV
2MYAn1E+Tu+1MWF+FFwDxWM9MmpkHleE
=q2BH
-----END PGP SIGNATURE-----
More information about the selinux
mailing list