[ubuntu-hardened] Ideas outside the SELinux box
gaten
education.kills at gmail.com
Fri Feb 15 00:42:58 GMT 2008
> Unfortunately, coarse-grained segregation like this usually doesn't really
> work well. Firefox would need to access some things under your normal user.
> This is a lot more than a shared directory; this also involves talking to
> the window manager (which is running as the user you logged in as), reading
> preferences (both from .mozilla and from things like gconf), talking to the
> user dbus, etc. That's why something more fine-grained that lets you allow
> some things but disallow everything else (like SELinux) is useful.
>
> Chad

After copying over my .Xauthority file to the ff user dir (not sure if
this was necessary) and my .mozilla folder, this shell script handled
the rest:

#!/bin/bash
xhost +local:ff
sudo -b -u ff -H /usr/bin/firefox

Although for the life of me I cannot get it to run w/o entering my sudo
password. I have a post about it here:
http://ubuntuforums.org/showthread.php?s=119b74671a9c7e12883b5308948c4734&t=690102
if you're interested. But I do agree SELinux is a better solution, no
argument there. I'm just thinking about viable alternatives until
integration is complete.
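
A tighter variant of the launcher described in this message, as an added example that is not part of the original post: it admits only the one account to the X display, revokes that entry when the browser exits, and uses `sudo -n` so a missing sudoers rule fails instead of prompting. The function names, the `DRY_RUN` switch and the invoking account `alice` are assumptions made for illustration; `ff` and `/usr/bin/firefox` come from the post.

```shell
#!/bin/sh
# Added example (not from the original post). Assumed: dedicated account "ff",
# browser at /usr/bin/firefox, and a sudoers line like the one sudoers_rule prints.
SANDBOX_USER="${SANDBOX_USER:-ff}"
BROWSER="${BROWSER:-/usr/bin/firefox}"

# With DRY_RUN set, print each command instead of executing it.
run() { if [ -n "${DRY_RUN:-}" ]; then printf '%s\n' "$*"; else "$@"; fi; }

# xhost entry naming a single local account (server-interpreted address);
# the "local:" family refers to non-network local connections as a whole.
xhost_entry() { printf 'SI:localuser:%s' "$1"; }

# sudoers line: user $1 may run exactly $3 as $2 without a password.
# Install it with visudo, e.g. in a file under /etc/sudoers.d/.
sudoers_rule() { printf '%s ALL=(%s) NOPASSWD: %s\n' "$1" "$2" "$3"; }

# Accept only plain account names, so nothing odd reaches xhost or sudo.
valid_account() {
    case "$1" in
        ''|*[!a-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

launch() {
    valid_account "$SANDBOX_USER" || { echo "bad account name" >&2; return 2; }
    [ -x "$BROWSER" ] || { echo "not executable: $BROWSER" >&2; return 3; }
    run xhost "+$(xhost_entry "$SANDBOX_USER")" || return 4
    status=0
    # -n: never prompt; fail if the NOPASSWD rule is absent.
    # -H: use the sandbox account's home, so its own .mozilla is read.
    run sudo -n -u "$SANDBOX_USER" -H "$BROWSER" "$@" || status=$?
    # Drop the display grant once the browser has exited.
    run xhost "-$(xhost_entry "$SANDBOX_USER")"
    return "$status"
}

# Run only when asked, so the functions can be sourced and tested.
if [ "${1:-}" = "--run" ]; then
    shift
    launch "$@"
fi
```

Any client admitted to the display can still interact with the other clients on it, so this separates file access between the two accounts but does not confine what the browser can do on the X session.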