On 05/26/2009 02:52 PM, Justin Mattock wrote:
On Tue, May 26, 2009 at 11:04 AM, Daniel J Walsh<dwalsh@xxxxxxxxxx> wrote:
On 05/26/2009 01:12 PM, Justin Mattock wrote:
On Tue, May 26, 2009 at 8:33 AM, Daniel J Walsh<dwalsh@xxxxxxxxxx> wrote:
For those who do not ordinarily read my blog.
http://danwalsh.livejournal.com/28545.html
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx
with
the words "unsubscribe selinux" without quotes as the message.
hey, nice article.
What are your thoughts about
flashplayer?
I myself enjoy watching T.V. through flash,
although seeing all of the avc's generated does scare me a bit.
even though the avc's are just {read, geattr, search, open}
(looked into gnash, but compiling that from source requires quit a bit)
If only flash could be as simple as watching T.V. through mplayer,
which generates far less avc's.
Flash should work with nsplugin_t if you turn on the
allow_unconfined_nsplugin_transition
boolean
You should not be seeing any avc's from this in F10/F11. You might need to
fix the labeling in your homedir.
restorecon -R -v ~/
yeah I noticed F11 was setup nicely
(you wouldn't even know there is a policy)
over here I've a home brewed distro
with just the bare essentials to run.
The policy was fetched from svn a few days ago,
firefox is the latest 3.5 beta 4(did compile a few months
ago, but found it taking half the day to do so.)
and then libflashplayer.so(with just the bare needs
gtk+,pango,libpng,libcurl) located in /usr/lib/firefox/plugins.
(probably should relocate to the home dir, and setup the restorecon
daemon)
As for the home directory, at the moment I setup namespace.so
(but since I'm the only one using the machine probably
doesn't make a difference).
As for other plugins for firefox, I did have a chance to
run nsplugin(but then with the latest system I just built
decided to leave that out, as well as mozplugger, and any
other plug-in except flash.)
ok
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
