Thank you, unknown genius!
Rahul Sundaram
sundaram at fedoraproject.org
Sat Apr 12 23:17:45 UTC 2008
Les Mikesell wrote:
>>
>> I already gave you the link earlier. Nspluginwrapper is installed by
>> default which can run plugins in a separate memory address making it
>> possible to confine it by policy. If a flash plugin tries to access
>> files under .ssh for example, SELinux policy can prevent that as a
>> obvious violation.
>
> That hasn't been released yet has it?
It is available in rawhide and will be part of Fedora 9 release at the
end of this month. I am not sure whether it is getting backported to
previous releases but probably not.
Are there policies that actually
> do something useful that are known not to break anything?
Sure it does. Again read the link at
http://danwalsh.livejournal.com/15700.html#cutid1
Rahul
More information about the fedora-list
mailing list