Re: "Workstation" Product defaults to wide-open firewall

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 12/09/2014 04:32 PM, Bastien Nocera wrote:

Is it really so awful to ask a user:
"Do you want to expose Eclipse to the network ?" (of course worded
in a better way than my poor English skills can do).


Probably not, but it's not implementable in the current state of
things.


Understood.
Do we have a way to get there ?
(trying to be constructive here)


1. Land kdbus
2. Implement sandboxing support, including a way for system services
    to securely identify applications talking to them, and/or block
    particular capabilities (such as network access, filesystem access, etc.)
3. Profit!
Alternatively, start confining unconfined_t and use the existing SELinux mechanisms. 

--
Florian Weimer / Red Hat Product Security
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux