No need for AV tools on Linux, eh?
Robert Nichols
rnicholsNOSPAM at comcast.net
Sat Feb 12 21:39:03 UTC 2011
On 02/12/2011 11:15 AM, Bruno Wolff III wrote:
>
> Most of selinux enforcement is targeted at services and a few user tools
> that commonly process untrusted data (in particular firefox).
Firefox, really?
$ ps Zax | grep firefox
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 8847 ? S 0:00 /bin/sh /usr/lib/firefox-3.6/run-mozilla.sh /usr/lib/firefox-3.6/firefox
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 8864 ? Sl 0:01 /usr/lib/firefox-3.6/firefox
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 8880 pts/0 S+ 0:00
$ rpm -qa selinux\*
selinux-policy-3.9.7-29.fc14.noarch
selinux-policy-targeted-3.9.7-29.fc14.noarch
Looks about as unconfined as a process can get. This is from an up-to-date
FC-14 running with the default, targeted policy.
--
Bob Nichols "NOSPAM" is really part of my email address.
Do NOT delete it.
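
Added example, not part of the message above: a shell filter that reads `ps Zax` output and lists every process running in a given SELinux domain, which is the check the post does by eye for firefox. The function names are hypothetical, and the init and sshd sample lines are constructed; the two firefox lines are the ones quoted in the post.

```shell
#!/bin/sh
# List processes whose SELinux type (third field of the label) matches $1.
# Input on stdin: `ps Zax` lines of the form LABEL PID TTY STAT TIME COMMAND...
# A label is user:role:type:level; the level may contain further colons
# (e.g. s0-s0:c0.c1023), so only the first three fields are relied on.
domain_filter() {
    awk -v want="$1" '
        $1 == "LABEL" { next }          # skip the ps header line
        {
            n = split($1, f, ":")
            if (n < 3) next             # no full context (e.g. "-" with SELinux disabled)
            if (f[3] != want) next
            cmd = $6                    # rebuild the command line from field 6 onward
            for (i = 7; i <= NF; i++) cmd = cmd " " $i
            printf "%s %s %s\n", $2, f[3], cmd
        }'
}

# Count matching processes (hypothetical helper).
count_in_domain() {
    domain_filter "$1" | wc -l | tr -d ' '
}

# Sample input: init and sshd lines are constructed for illustration.
sample_ps() {
cat <<'EOF'
LABEL                             PID TTY      STAT   TIME COMMAND
system_u:system_r:init_t:s0         1 ?        Ss     0:01 /sbin/init
system_u:system_r:sshd_t:s0-s0:c0.c1023 1201 ? Ss     0:00 /usr/sbin/sshd
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 8847 ? S 0:00 /bin/sh /usr/lib/firefox-3.6/run-mozilla.sh /usr/lib/firefox-3.6/firefox
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 8864 ? Sl 0:01 /usr/lib/firefox-3.6/firefox
EOF
}

# On a live SELinux system: ps Zax | domain_filter unconfined_t
sample_ps | domain_filter unconfined_t
```

Matching on the parsed type field rather than grepping the whole line avoids false hits from command lines or user names that happen to contain the domain string.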