In policy version 3.3.1-42 a boolean browser_confine_unconfined exists to control firefox. Since version 3.3.1-51 it's gone and only one for guest exists. I checked the RPM changelog but nothing helpful. What happened to the other one? Does there also exist one for staff_t etc.?
Best regards Stefan
Stefan Schulze Frielinghaus wrote:
In policy version 3.3.1-42 a boolean browser_confine_unconfined exists to control firefox. Since version 3.3.1-51 it's gone and only one for guest exists. I checked the RPM changelog but nothing helpful. What happened to the other one? Does there also exist one for staff_t etc.?
Best regards Stefan
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list
No only for domains that explicitly call the mozilla_per_role_template() interface. Currently only xguest has this.
So if you wanted to add it back for unconfined_t you could build a policy module with
mozilla_per_role_template(unconfined, unconfined_t, unconfined_r)
selinux@lists.fedoraproject.org