Red Hat Bugzilla – Bug 1286177
RFE: Review and turn mozilla_plugin_can_network_connect boolean on
Last modified: 2016-01-21 10:14:06 EST
Description of problem:
Currently a lot of SELinux policy bugs are caused by random firefox plugins trying to connect to random ports. We have a boolean for these cases which is turned off by default. With this boolean we block some ports but some ports are already allowed by default.
mozilla_plugin_can_network_connect (off , off) Allow mozilla plugin domain to connect to the network using TCP.
This bug suggests turned this boolean on by default so this basic plugin functionality is not blocked by SELinux but it still keeps a plugin isolation.