On Sat, 2008-09-20 at 15:14 -0400, yiruli@xxxxxxxxxxxxxxxx wrote: > Hi, > Where can I find the source policy for Mozilla Firefox? > > From the SELinux administration tool, I see that Mozilla module has > been loaded? > > But I find the following through the command "ps -Z": > unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2600 ? 00:17:34 firefox > > Can I say that the policy for Firefox in my machine is not enforced yet? > > How can I make the policy be enforced? > > What is the status of the policy writing for Firefox? > In one web article, Dan said that the policy writing for Firefox has > little success due to its variant behaviour. Try mapping your user identity to a confined user (e.g user_u or staff_u) via semanage login or system-config-selinux, and see if that yields firefox running in its own domain. Fedora policy likely only defines transition from the confined user domains to the browser domain. Or you could add a local policy module that defines a transition from unconfined_t to mozilla_t. -- Stephen Smalley National Security Agency -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
