>> What avc messages are you seeing?
>
> As Dominick anticipated I got:
>
> avc: denied { name_bind } for pid=23725 comm="tor" src=9150
> scontext=unconfined_u:unconfined_r:sandbox_net_client_t:s0:c353,c458
> tcontext=system_u:object_r:tor_port_t:s0 tclass=tcp_socket

The quickest (but dirty) fix seems to be to configure TBB to bind to another port (I used 9152 instead of tcp/9150).

Changing the SocksPort in TBB's torrc + nis_enabled works for me, but I will build a new sandbox domain anyway. In the end I'd like to have a sandbox type that is able to run TBB out of the box without nis_enabled.

(Why is 9150 in tor_port_t anyway? Tor uses 9050 by default. Are there other common configurations that use 9150 for tor?)

I tried to create a copy of sandbox_net_t (with a different name) by copying the "sandbox_net_client_t local policy" section from sandboxX.te [1] and the "sandbox_x_domain_template(sandbox_net)" line, but failed (typeattribute line).

What would be *the* way to create a (renamed) copy of sandbox_net_t? (I'd prefer just to create an exact copy instead of approximating the domain via audit2allow runs.)

After having an exact copy I'd add allow rules to cover binding to tcp/9150.

thanks!

[1] https://git.fedorahosted.org/cgit/selinux-policy.git/tree/sandboxX.te?h=f19-contrib#n455

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux