To run Firefox in an SELinux sandbox, I use the following script.
#!/bin/bash
# Random names for the directories, allowing multiple instances
SEhome=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 8 | head -n 1)
SEtemp=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 8 | head -n 1)
mkdir "/tmp/sehome.$SEhome"
mkdir "/tmp/setemp.$SEtemp"
# run sandbox instance (blocks until Firefox exits)
sandbox -X -H "/tmp/sehome.$SEhome" -T "/tmp/setemp.$SEtemp" -t sandbox_web_t -t sandbox_net_t -w 3440x1440 firefox --no-remote
# destroy temporary directories
rm -rf "/tmp/sehome.$SEhome"
rm -rf "/tmp/setemp.$SEtemp"
Since Fedora 38, audio no longer works.
audit2allow -s is quiet, and I can't find much in the logs:
/var/log/messages
May 25 18:31:14 localhost dbus-broker[1899]: A security policy denied :1.1206 to send method call /org/freedesktop/RealtimeKit1:org.freedesktop.DBus.Properties.Get to org.freedesktop.RealtimeKit1.
May 25 18:31:14 localhost rsyslogd[1821]: imjournal: 27485 messages lost due to rate-limiting (20000 allowed within 600 seconds)
/var/log/audit/audit.log
type=CRED_ACQ msg=audit(1685032214.075:23247): pid=25443 uid=1000 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_unix acct="root" exe="/usr/bin/su" hostname=? addr=? terminal=/dev/pts/2 res=success'UID="delta" AUID="delta"
type=USER_START msg=audit(1685032214.107:23248): pid=25443 uid=1000 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_xauth acct="root" exe="/usr/bin/su" hostname=? addr=? terminal=/dev/pts/2 res=success'UID="delta" AUID="delta"
type=SERVICE_START msg=audit(1685032231.705:23249): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=pcscd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1685032239.160:23250): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=fprintd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=BPF msg=audit(1685032239.168:23251): prog-id=7441 op=UNLOAD
Any ideas where to start? I consider myself fairly proficient with Linux, but I'm no SELinux enthusiast.
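An added example, not the poster's script: the same sandbox launch with mktemp-created directories and trap-based cleanup, followed by two small parsers that pull the fields out of a dbus-broker policy denial like the one shown in /var/log/messages above and out of SELinux AVC records. The dbus-broker sample line is the one from the post; the AVC sample line is constructed for illustration. Assumptions: the type sandbox_web_t and the screen size are taken from the poster's script; a single -t is passed because repeated getopt-style options are assumed to override each other; journalctl and ausearch are assumed available, with ausearch's "recent" keyword covering the last ten minutes.

```shell
#!/bin/sh
# Added example (not the original poster's script). Launch Firefox in an
# SELinux sandbox with per-instance directories, clean up on any exit, then
# summarise denial records from the D-Bus broker and from the SELinux AVC.

# Sample from the post's /var/log/messages excerpt (plus a rate-limit line)
SAMPLE_MESSAGES='May 25 18:31:14 localhost dbus-broker[1899]: A security policy denied :1.1206 to send method call /org/freedesktop/RealtimeKit1:org.freedesktop.DBus.Properties.Get to org.freedesktop.RealtimeKit1.
May 25 18:31:14 localhost rsyslogd[1821]: imjournal: 27485 messages lost due to rate-limiting (20000 allowed within 600 seconds)'

# Constructed AVC record (illustrative only; not taken from the poster's logs)
SAMPLE_AUDIT='type=AVC msg=audit(1685032214.075:23260): avc:  denied  { connectto } for  pid=25500 comm="firefox" path="/run/user/1000/pulse/native" scontext=unconfined_u:unconfined_r:sandbox_web_t:s0:c123,c456 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket permissive=0'

# stdin: syslog/journal lines; stdout: "sender object destination" per
# dbus-broker policy denial. These are D-Bus policy decisions, not AVCs, so
# audit2allow never sees them.
dbus_denied_destinations() {
  sed -n 's/^.*A security policy denied \(:[0-9.]*\) to send method call \([^ ]*\) to \([^ ]*\)\.$/\1 \2 \3/p'
}

# stdin: audit.log lines; stdout: "permission comm scontext tcontext tclass"
# for each AVC denial.
avc_summary() {
  sed -n 's/^.*avc: *denied *{ \([^}]*\) } for .*comm="\([^"]*\)".*scontext=\([^ ]*\) tcontext=\([^ ]*\) tclass=\([^ ]*\).*$/\1 \2 \3 \4 \5/p'
}

# Create the two private directories with mktemp instead of hand-rolled
# random names, and remove them however the sandbox exits.
run_sandboxed_firefox() {
  sehome=$(mktemp -d /tmp/sehome.XXXXXXXX) || return 1
  setemp=$(mktemp -d /tmp/setemp.XXXXXXXX) || { rmdir "$sehome"; return 1; }
  trap 'rm -rf "$sehome" "$setemp"' EXIT INT TERM
  # Assumption: only the last -t is honoured, so a single type is given.
  sandbox -X -H "$sehome" -T "$setemp" -t sandbox_web_t -w 3440x1440 firefox --no-remote
}

# Assumption: journalctl and ausearch are installed; "recent" = last 10 min.
report_recent_denials() {
  echo "== dbus-broker policy denials =="
  journalctl -q --since "10min ago" _COMM=dbus-broker 2>/dev/null | dbus_denied_destinations
  echo "== SELinux AVC denials =="
  ausearch -m avc -ts recent 2>/dev/null | avc_summary
}

if [ "${1:-}" = "--run" ]; then
  run_sandboxed_firefox
  report_recent_denials
else
  # Without --run, just demonstrate the parsers on the embedded samples.
  printf '%s\n' "$SAMPLE_MESSAGES" | dbus_denied_destinations
  printf '%s\n' "$SAMPLE_AUDIT" | avc_summary
fi
```

Run it with --run to launch the sandbox and print both kinds of denial afterwards; run it without arguments to see what the parsers extract from the embedded samples. The first parser is the relevant one for the message in the post: a D-Bus broker policy refusal to reach org.freedesktop.RealtimeKit1 is recorded by dbus-broker, not as an AVC, so it will not surface through audit2allow no matter how the sandbox policy is adjusted.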