1286177 – RFE: Review and turn mozilla_plugin_can_network_connect boolean on

Bug 1286177 - RFE: Review and turn mozilla_plugin_can_network_connect boolean on

Summary: RFE: Review and turn mozilla_plugin_can_network_connect boolean on

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy
Sub Component:
Version:	rawhide
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	medium
Target Milestone:	---
Assignee:	Lukas Vrabec
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2015-11-27 12:19 UTC by Miroslav Grepl
Modified:	2016-01-21 15:14 UTC (History)
CC List:	5 users (show)
Fixed In Version:	selinux-policy-3.13.1-161.fc24
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2016-01-21 15:14:06 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Miroslav Grepl 2015-11-27 12:19:35 UTC

Description of problem:

Currently a lot of SELinux policy bugs are caused by random firefox plugins trying to connect to random ports. We have a boolean for these cases which is turned off by default. With this boolean we block some ports but some ports are already allowed by default.

mozilla_plugin_can_network_connect (off  ,  off)  Allow mozilla plugin domain to connect to the network using TCP.

This bug suggests turned this boolean on by default so this basic plugin functionality is not blocked by SELinux but it still keeps a plugin isolation.

Note You need to log in before you can comment on or make changes to this bug.