FedoraForum.org - Fedora Support Forums and Community
  1. #1
    Join Date
    Jul 2016
    Location
    USA
    Posts
    2

    SELinux -- working the magic

    My dream is that I'll one day have an SELinux profile for Firefox. Most SELinux resources I find basically say something to the effect of "leave it to the professionals." Maybe there's some SELinux profile out there for this?

    I know SELinux provides a sandbox mode, but it seems too restrictive for me. I think a profile that would allow writing to the downloads folder but deny pretty much everything else would be excellent from a security perspective.

    Web browsers are constantly parsing untrusted code, which makes them the most likely security flaw on the system. Locking it down with SELinux would be tremendous.

  2. #2
    Join Date
    Aug 2011
    Location
    ~
    Posts
    1,900

    Re: SELinux -- working the magic

    The problem is that SELinux is whitelist only and label based.
    This means that you would need to label everything with some distinctive label (currently the directories in my home are all user_home_t) and then adapt all your profiles to allow actions on those labels.
    It can definitely be done but it is unnecessarily complex for most home users to manually do this and maintain the SELinux modules.

    If you want to easily sandbox certain programs and don't require something that can keep track of what process writes which piece of information, then I can recommend firejail (it is in copr and the installation basically only requires that you make the firejail executable SUID).
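
A firejail profile along the lines discussed in this thread (write access to the downloads folder, the rest of the home directory hidden), as an added example that is not from either poster and is not the profile firejail itself ships. The file name `firefox-downloads.profile` and the choice of which Firefox directories to keep are assumptions.

```conf
# firefox-downloads.profile (hypothetical name, constructed for illustration)
# Run with: firejail --profile=./firefox-downloads.profile firefox

# Home directory: once any whitelist line is present, firejail mounts an
# empty view of $HOME and exposes only the whitelisted paths, read-write.
mkdir ${HOME}/.mozilla
mkdir ${HOME}/.cache/mozilla/firefox
whitelist ${HOME}/.mozilla
whitelist ${HOME}/.cache/mozilla/firefox
whitelist ${DOWNLOADS}

# Removable media and extra mounts are not needed by the browser.
disable-mnt

# Privilege reduction: no capabilities, no setuid escalation inside the
# sandbox, only the current user visible, default seccomp syscall filter.
caps.drop all
nonewprivs
noroot
nogroups
seccomp

# Sockets: local IPC plus IPv4/IPv6 networking only.
protocol unix,inet,inet6,netlink

# Minimal /dev and a private /tmp for the sandboxed process.
private-dev
private-tmp
```

Unlike the SELinux approach described in post #2, nothing has to be relabelled: the restriction is a per-process filesystem view rather than a policy over file labels, which is also why it cannot track which process wrote which file.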
