-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Rahul Sundaram wrote: > Daniel J Walsh wrote: > >> During the Beta I have been turning on a transition boolean for >> nsplugin. This transition is from unconfined_t to nsplugin_t. The >> attempt here is to confine random code like flashplugin/acrobat and >> other closed source programs that read random data from the internet >> from attacking your machine. I have to turn it on by default in >> Rawhide/Beta to find out what problems it causes. I will probably turn >> it off when we release, to prevent it causing problems, for people >> like you. >> >> I write about the change in >> >> danwalsh.livejournal.com/15700.html >> >> This is a potential real security gain from this, but we need to >> experiment to figure out how we can benefit the greatest number of users. >> >> I agree we need to tread lightly when adding new SELinux confinement, to >> the users but we still have an ability that could really advance >> computer security. > > Please send a note to fedora-devel/fedora-test list when making > important changes like this so people know what to expect and can give > feedback accordingly. > > Rahul > Well I actually misspoke, this has been on for the entire Rawhide period after FC8 shipped. I will be turning it off by default with the shipping Fedora 9. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkf3lRIACgkQrlYvE4MpobP8aACggcAiO5aS/jowKe3qyYMSWyi6 ISIAoIXPTjBP5qvJz/MR8ClDSKWCoSBg =wCAu -----END PGP SIGNATURE----- -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
