On Thu, 20 Jul 2006 10:28:09 EDT, Matthew Miller said: > On Thu, Jul 20, 2006 at 05:38:49AM -0400, Valdis.Kletnieks@xxxxxx wrote: > > serve as a starting point. One *big* constraint you can put on it is > > to prevent looking at any files in /home except ~/.mozilla and ~/Downloads > > (or whatever you decide to call it) (Some finessing to allow reading of > > ~ so you can get to ~/.mozilla is a Good Idea :) > > If Firefox is restricted to downloading to only specific directories, the > option to change the default download directory should be removed from the > UI. I'm not sure that's desirable. You're *still* going to need that option, because Firefox may not be restricted in all environments, and the actual directory name may not be cast in stone (in particular, the policy has this: HOME_DIR/\.mozilla(/.*)? gen_context(system_u:object_r:ROLE_mozilla_home_t,s0) Any other directory labelled as ROLE_mozilla_home_t will work as well (and in fact, I have several such directories - a ~/Downloads where most small stuff goes, and another directory on another filesystem for downloading .iso and similar....)
Attachment:
pgp7nBjeV7SbS.pgp
Description: PGP signature
-- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
