[ubuntu-hardened] Ideas outside the SELinux box
education.kills at gmail.com
Fri Feb 15 00:42:58 GMT 2008
> Unfortunately, coarse-grained segregation like this usually doesn't really
> work well. Firefox would need to access some things under your normal user.
> This is a lot more than a shared directory; this also involves talking to
> the window manager (which is running as the user you logged in as), reading
> preferences (both from .mozilla and from things like gconf), talking to the
> user dbus, etc. That's why something more fine-grained that lets you allow
> some things but disallow everything else (like SELinux) is useful.
After copying over my .Xauthority file to the ff user dir (not sure if
this was necessary) and my .mozilla folder and this shell script handled

    sudo -b -u ff -H /usr/bin/firefox

Although for the life of me I cannot get it to run w/o entering my sudo
password. I have a post about it here:
if you're interested. But I do agree SELinux is a better solution, no
argument there. I'm just thinking about viable alternatives until
integration is complete.