yiruli@xxxxxxxxxxxxxxxx wrote: > Hi, > Where can I find the source policy for Mozilla Firefox? > > From the SELinux administration tool, I see that Mozilla module has > been loaded? > > But I find the following through the command "ps -Z": > unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2600 ? 00:17:34 > firefox > > Can I say that the policy for Firefox in my machine is not enforced yet? > > How can I make the policy be enforced? > > What is the status of the policy writing for Firefox? > In one web article, Dan said that the policy writing for Firefox has > little success due to its variant behaviour. What about changing the root password, then giving the customer (and other internal people) access vis sudo with an auditing shell like eash. They still have a root shell, it's just audited now. See http://www.rootprompt.org/article.php3?article=10015 If you don't have selinux, then you can also write library that logs the system calls that you want and load it with LD_PRELOAD in a script that is run via sudo. Jason -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
