Daniel J Walsh wrote:
During the Beta I have been turning on a transition boolean for nsplugin. This transition is from unconfined_t to nsplugin_t. The attempt here is to confine random code like flashplugin/acrobat and other closed source programs that read random data from the internet from attacking your machine. I have to turn it on by default in Rawhide/Beta to find out what problems it causes. I will probably turn it off when we release, to prevent it causing problems for people like you. I write about the change in danwalsh.livejournal.com/15700.html. There is a potential real security gain from this, but we need to experiment to figure out how we can benefit the greatest number of users. I agree we need to tread lightly when adding new SELinux confinement to the users, but we still have an ability that could really advance computer security.
Please send a note to fedora-devel/fedora-test list when making important changes like this so people know what to expect and can give feedback accordingly.
Rahul