Announcement the se-sandbox-runner
Fl at sh
Fl at sh
Wed Aug 28 08:40:22 UTC 2013
On Tue, 27 Aug 2013 15:38:55 -0400
Daniel J Walsh <dwalsh at redhat.com> wrote:
> Well in most cases Dynamic should be used. If you had a static directory that
> you wanted to use with a sandbox then you might want to choose a MCS Category
> to permanently assign to it.
>
> Say you created ~/myfirefoxhome. Then you could assign it the labels s0:c111,c222
>
> chcon -t sandbox_file_t -l s0:c111,c222 ~/myfirefoxhome
>
> Now you would want to allow the user to specify the permanant homedir and the
> level s0:c111,c222 to run his sandbox.
That is, if homedir and tempdir labels are different, so
must specify labels for each directory?
Example:
sandbox .... -l s0:c<HomeDir_conext1>,c<HomeDir_conext2>
-l s0:c<TempDir_conext1>,c<TempDir_conext2> ...
--
Fl at sh
More information about the selinux
mailing list