Bug 1286177 - RFE: Review and turn mozilla_plugin_can_network_connect boolean on
RFE: Review and turn mozilla_plugin_can_network_connect boolean on
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
Unspecified Unspecified
high Severity medium
: ---
: ---
Assigned To: Lukas Vrabec
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2015-11-27 07:19 EST by Miroslav Grepl
Modified: 2016-01-21 10:14 EST (History)
5 users (show)

See Also:
Fixed In Version: selinux-policy-3.13.1-161.fc24
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2016-01-21 10:14:06 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Miroslav Grepl 2015-11-27 07:19:35 EST
Description of problem:

Currently a lot of SELinux policy bugs are caused by random firefox plugins trying to connect to random ports. We have a boolean for these cases which is turned off by default. With this boolean we block some ports but some ports are already allowed by default.

mozilla_plugin_can_network_connect (off  ,  off)  Allow mozilla plugin domain to connect to the network using TCP.

This bug suggests turned this boolean on by default so this basic plugin functionality is not blocked by SELinux but it still keeps a plugin isolation.

Note You need to log in before you can comment on or make changes to this bug.