On Thu, 2016-01-07 at 15:57 -0500, Daniel J Walsh wrote: > The only confinement for firefox/chrome right now is around their > plugins. If epiphany uses a separate processes > to try to sandbox them, we could wrap it with SELInux. Yes, we have /usr/libexec/webkit2gtk-4.0/WebKitPluginProcess and /usr/libexec/webkit2gtk-4.0/WebKitPluginProcess2 (alternative version, linked to GTK+ 2 to make Flash work). Maybe the same policy you use for Chrome and Firefox would apply well to WebKit? Michael -- desktop mailing list desktop@xxxxxxxxxxxxxxxxxxxxxxx http://lists.fedoraproject.org/admin/lists/desktop@xxxxxxxxxxxxxxxxxxxxxxx
