Scientific Linux Forum.org



  Reply to this topicStart new topicStart Poll

> Help with sandboxing browsers
wearetheborg
 Posted: Sep 17 2012, 04:17 AM
Quote Post


SLF Geek
****

Group: Members
Posts: 249
Member No.: 18
Joined: 11-April 11









I want to do the following:

For firefox, I want firefox to ONLY be able to read/write from two specified directories.

How can I set this up? Is there a tutorial?

--------------------
PM
^
zxq9
 Posted: Sep 18 2012, 05:29 PM
Quote Post


SLF Geek
****

Group: Members
Posts: 321
Member No.: 611
Joined: 5-August 11









Driveby answer...

I am pretty sure that would require a rebuild, at a minimum. The next bit would be enforcing it with an SELinux policy. Neither is impossible. If you really want to sandbox Firefox you will need to rebuild it in a way that doesn't require exmem access (which is ridiculous for a browser to need anyway, but both Chrome and Firefox demanded it the last time I checked...) and enforce that with an SELinux policy as well.
PMEmail PosterUsers Website
^
joka
 Posted: Sep 18 2012, 10:16 PM
Quote Post


SLF Geek
****

Group: Members
Posts: 172
Member No.: 107
Joined: 28-April 11









QUOTE (wearetheborg @ Sep 17 2012, 05:17 AM)
I want to do the following:

For firefox, I want firefox to ONLY be able to read/write from two specified directories.

How can I set this up? Is there a tutorial?


I think yes, here: http://scientificlinuxforum.org/index.php?showtopic=1441&view=findpost&p=10094
PM
^
wearetheborg
 Posted: Sep 23 2012, 12:34 AM
Quote Post


SLF Geek
****

Group: Members
Posts: 249
Member No.: 18
Joined: 11-April 11









Thanks!!!! I had totally forgotten about it!!!!!!!!!!!

--------------------
PM
^
0 User(s) are reading this topic (0 Guests and 0 Anonymous Users)
0 Members:

Topic Options Reply to this topicStart new topicStart Poll