On 07/30/2017 03:56 PM, Paul Allen Newell wrote: > > > On 07/24/2017 01:13 AM, Bob Goodwin wrote: >> On 07/23/17 20:34, Ed Greshko wrote: >>> First, I hardly ever use firefox. I have it set up to use a network proxy for a >>> specific use case that I occasionally need. With that in mind. >>> >>> My "thought" process and diagnosis when about like this.... .... Snip .... >> + >> >> I can probably do this in the event of another similar problem and have saved this >> to my notes. >> >> Thank you >> > > After going through this thread and looking at Ed's replies as to "what to do" > (being "setsebool -P unconfined_mozilla_plugin_transition 0"), I went back to my > "NVidia instead of nouveau" issues (which included a thread with Ed explaining to > me some stuff I did not understand). > > Ed's suggestion of "setsebool -P unconfined_mozilla_plugin_transition 0" is exactly > what SELinux advises me to do now that I have NVidia instead of nouveau installed > when dealing with Firefox issues. The selinux issue with the firefox plugin has no relationship to either nVidia, nouveau, or any other video driver. > > Am I to gather the this "setsebool -P unconfined_mozilla_plugin_transition 0" > suggestion pretty much is a global statement to say "*anything* that SELinux pings > in anything dealing with Firefox" will be ignored once this setsebool rule is enacted? No. It only has to do with the mozzilla plugin.... [root@meimei ~]# semanage boolean -l | grep mozilla_plugin_tran unconfined_mozilla_plugin_transition (on , on) Allow unconfined users to transition to the Mozilla plugin domain when running xulrunner plugin-container. Which basically would control what processes can be executed by the plugin. > > Not making value judgment with that statement, just trying to understand how big > the scope of that SELinux rules is. For the record, I have not granted that > exception as I have yet to see any problem with NVidia and Firefox that requires an > intervention. I guess I'm a bit confused. In your second paragraph you said ""setsebool -P unconfined_mozilla_plugin_transition 0" is exactly what SELinux advises me to do now that I have NVidia instead of nouveau installed when dealing with Firefox issues." But now you've said " I have not granted that exception as I have yet to see any problem with NVidia and Firefox that requires an intervention." But, again, the selinux messages we're talking about here have no relationship to the video hardware or driver in use. You may not hit an issue so you may not need to make the change. In the case of going to puzzles.usatoday.com, running the flash plugin and then trying to print the plugin isn't being allowed access to information about printers.....it would seem. If you hit an issue that requires you change the boolean (and chances are you won't know it unless you disable dontaudit) and you are concerned about a security risk I would ask on the selinux mailing list. They have the expertise. I -- Fedora Users List - The place to go to speculate endlessly
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
