[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Please disable the SELinux execstack/relro checks before FC5 final





There's an effort to limit bonobo connections from firefox to restricted domains only (no user_t/unconfined_t connections).... also challenging, because there's so many things firefox talks to, and one of them is sufficient to necessitate allowing communications channel to user_t/unconfined_t.
Isn't bonobo capable of doing exactly what we need anyway - launching applications based on required characteristics sent over a socket to its server? Maybe I'm ignorant of how those things work, but having a centralized way to launch other apps (from a different process than our own) would be very helpful to selinux.






[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]