On Tue, Apr 10, 2012 at 11:12:48AM -0400, Daniel J Walsh wrote:
> The problem with option 4 is that it is very difficult to do since the desktop
> is so connected. Say we isolate firefox_t as the same as unconfined_t without
> ptrace.

Unless an app is currently confined, I don't think there's a real need for app-specific domains - just an unconfined_except_ptrace_t one.

> firefox_t can start lots of helper apps, should the helper apps run as
> firefox_t or unconfined_t? If unconfined_t starts office, it runs as
> unconfined_t; if firefox starts it, it runs as firefox_t; if unconfined_t
> office is running, the firefox_t can cause it to open a new document, which
> could somehow trigger gdb...

Helper apps would all be run in the same confined domain, unless they're more restricted? Libreoffice would be a prime example of an app that you'd want to be confined.

> What about the dbus session bus? Can firefox_t start a gdb session via the
> session bus to get around the confinement?

I don't think so, no.

--
Matthew Garrett | mjg59@xxxxxxxxxxxxx

--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel