[ubuntu-hardened] Ideas outside the SELinux box

gaten education.kills at gmail.com
Fri Feb 15 00:42:58 GMT 2008


> Unfortunately, coarse-grained segregation like this usually doesn't really
> work well. Firefox would need to access some things under your normal user.
> This is a lot more than a shared directory; this also involves talking to
> the window manager (which is running as the user you logged in as), reading
> preferences (both from .mozilla and from things like gconf), talking to the
> user dbus, etc. That's why something more fine-grained that lets you allow
> some things but disallow everything else (like SELinux) is useful.
> 
> Chad

After copying over my .Xauthority file to the ff user dir (not sure if 
this was necessary) and my .mozilla folder, this shell script handled 
the rest:

#!/bin/bash
xhost +local:ff
sudo -b -u ff -H /usr/bin/firefox

Although for the life of me I cannot get it to run w/o entering my sudo 
password. I have a post about it here: 
http://ubuntuforums.org/showthread.php?s=119b74671a9c7e12883b5308948c4734&t=690102
if you're interested. But I do agree SELinux is a better solution, no 
argument there. I'm just thinking about viable alternatives until 
integration is complete.


