[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: writing a firefox policy

On Thu, 20 Jul 2006 10:28:09 EDT, Matthew Miller said:
> On Thu, Jul 20, 2006 at 05:38:49AM -0400, Valdis Kletnieks vt edu wrote:
> > serve as a starting point.  One *big* constraint you can put on it is
> > to prevent looking at any files in /home except ~/.mozilla and ~/Downloads
> > (or whatever you decide to call it) (Some finessing to allow reading of
> > ~ so you can get to ~/.mozilla is a Good Idea :)
> If Firefox is restricted to downloading to only specific directories, the
> option to change the default download directory should be removed from the
> UI. I'm not sure that's desirable.

You're *still* going to need that option, because Firefox may not be restricted
in all environments, and the actual directory name may not be cast in stone (in particular,
the policy has this:

HOME_DIR/\.mozilla(/.*)?                gen_context(system_u:object_r:ROLE_mozilla_home_t,s0)

Any other directory labelled as ROLE_mozilla_home_t will work as well (and in
fact, I have several such directories - a ~/Downloads where most small stuff
goes, and another directory on another filesystem for downloading .iso and

Attachment: pgpm8Iz4HIijj.pgp
Description: PGP signature

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]