On Thu, 2008-07-17 at 22:39 +0000, Justin Mattock wrote: > I'm trying to tighten up firefox, from what I can see over here: I do not encourage people to run Firefox as sysadm_t, and i recommend you use staff_t as your default domain. Sysadm_t is a domain specific just for sysadmin tasks. Plus sysadm_t is being (kind of) replaced by unconfined_t in the targeted policy. Also i think sysadm, user and staff do not transition once they run Firefox, but that they run Firefox in the user domain by default. In Fedora 9 only xguest_t domain by default can run Firefox in the Mozilla domain by setting the boolean. However Nsplugin is now by default confined to the nsplugin_t domain and so even though you may not transition to mozilla_t as staff or user, you will still be protected by nsplugin_t. To see in what domain Firefox is running execute ps auxZ | grep -i firefox. -- Dominick Grift <domg472@xxxxxxxxx>
Attachment:
signature.asc
Description: This is a digitally signed message part
