Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Things i Hate (Or: Rants by an Old Man)
The Lounge What is on Your Mind? Things i Hate (Or: Rants by an Old Man) Post 303030525 by stomp on Tuesday 12th of February 2019 10:28:41 AM
Old 02-12-2019
The rise of complexity is in many places:

Here in DNS: Growth of RFC Pages count for DNS is about 2 pages/week:
“The DNS Camel”, or, the rise in DNS complexity | PowerDNS Blog

Quote: The speed we are surrounding us with uncontrolled and uncontrollable technologies is from my point a view a precursor of the apocalypse.

Another one is Google's QUIC aka HTTP/3:

Very Complex. And since we are on the way to full dominance of google-chrome in the webbrowsers(microsoft gave up fully own developed browser not long ago and using chromium(=chrome-based) open source instead. So they are dependant to whatever google delivers), google just implements it in chrome and then it's there. Probably webserver projects will follow.
Last edited by stomp; 02-12-2019 at 12:06 PM..
This User Gave Thanks to stomp For This Post:
RudiC
 

8 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Don't hate me because I'm stupid...

Hi all, I don't know the first thing about Unix, but I would like to learn. I would like to know what the difference between Linux and Unix is, and where I can obtain a copy of either. Thanks :o (8 Replies)
Discussion started by: ThisIsNewToMe
8 Replies

2. UNIX for Dummies Questions & Answers

i hate gtk and kde!

i don't want to install any themes, but i do want to get rid of the god awful color scheme it defaults to. i've tried editing /usr/X11R6/share/themes/Default/gtk-2.0/gtkrc, but to no avail. i've also changed, and even removed the .gtkrc-kde that kde generates automatically, also to no avail. ... (12 Replies)
Discussion started by: brandan
12 Replies

3. Programming

Complicating things?

So basically what im trying to do is ... Open file, read that file, than try to find .. We or we and replace them with I, but not replace the cases where words contain We or we, such as Went, went, etc a and replace them with the, but not replace the cases where words contain a, such as... (1 Reply)
Discussion started by: bconnor
1 Replies

4. Programming

Question about several things in C

Hey guys, first of all I'd like to say Hi to everyone. I am new here and this is my first post. I have a question about some C stuff. I am in Computer Science and I have an assignment for a UNIX Applications course. It is really complicated, however. We're using the C language for this and... (1 Reply)
Discussion started by: V4D3R
1 Replies

5. Shell Programming and Scripting

I hate SED - please help!!

Hi all I have been googling for ages but with no prevail hence this new thread. I would like to add a new line after a particular text string. For example, assume the original file contains the following text: .. line1 line2 line3 .. I would like to insert the text string... (3 Replies)
Discussion started by: robbiegregg
3 Replies

6. UNIX for Dummies Questions & Answers

Just trying to find out a few things ....

Hi everyone Just a couple of quick questions if I may. Can I ask what is meant by "flavours"?? I've come across it many times in the forums and I'm guessing that it is a variery of either Linux or UNIX (I know nil about either) which has developed but not really got a clue. ... (1 Reply)
Discussion started by: Tiramisu
1 Replies

7. UNIX for Dummies Questions & Answers

things root can't do

Hey all my co-workers and I are trying to put together a list of things root "Can't" do on any *NIX OS, so I wanted to come here and see what all we could come up with. Here are two to start this off: write to a read only mount FS kill a tape rewind Please add what you know. Thanks,... (5 Replies)
Discussion started by: sunadmn
5 Replies

8. Solaris

man and ldm man

According to Sun documentation (Ldoms 1.1 Administration Guide), To access the ldm(1M) man page, add the directory path /opt/SUNWldm/man to the variable $MANPATH. When I add the lines: MANPATH=$MANPATH:/opt/SUNWldm/man export MANPATH to .profile, exit root and re-login, I would have "man ldm"... (5 Replies)
Discussion started by: StarSol
5 Replies

LEARN ABOUT CENTOS

chrome_sandbox_selinux

chrome_sandbox_selinux(8)				   SELinux Policy chrome_sandbox				 chrome_sandbox_selinux(8)

NAME

       chrome_sandbox_selinux - Security Enhanced Linux Policy for the chrome_sandbox processes

DESCRIPTION

       Security-Enhanced Linux secures the chrome_sandbox processes via flexible mandatory access control.

       The chrome_sandbox processes execute with the chrome_sandbox_t SELinux type. You can check if you have these processes running by executing
       the ps command with the -Z qualifier.

       For example:

       ps -eZ | grep chrome_sandbox_t

ENTRYPOINTS

       The chrome_sandbox_t SELinux type can be entered via the chrome_sandbox_exec_t file type.

       The default entrypoint paths for the chrome_sandbox_t domain are the following:

       /opt/google/chrome/chrome-sandbox, /usr/lib/chromium-browser/chrome-sandbox

PROCESS TYPES

       SELinux defines process types (domains) for each process running on the system

       You can see the context of a process using the -Z option to ps

       Policy governs the access confined processes have to files.  SELinux chrome_sandbox policy is very flexible allowing users to  setup  their
       chrome_sandbox processes in as secure a method as possible.

       The following process types are defined for chrome_sandbox:

       chrome_sandbox_t, chrome_sandbox_nacl_t

       Note:  semanage	permissive  -a	chrome_sandbox_t  can  be used to make the process type chrome_sandbox_t permissive. SELinux does not deny
       access to permissive process types, but the AVC (SELinux denials) messages are still generated.

BOOLEANS

       SELinux policy is customizable based on least access required.  chrome_sandbox policy is extremely flexible and has several  booleans  that
       allow you to manipulate the policy and run chrome_sandbox with the tightest access possible.

       If  you	want  to  deny	any  process  from ptracing or debugging any other processes, you must turn on the deny_ptrace boolean. Enabled by
       default.

       setsebool -P deny_ptrace 1

       If you want to allow all domains to use other domains file descriptors, you must turn on the domain_fd_use boolean. Enabled by default.

       setsebool -P domain_fd_use 1

       If you want to allow all domains to have the kernel load modules, you must turn on  the	domain_kernel_load_modules  boolean.  Disabled	by
       default.

       setsebool -P domain_kernel_load_modules 1

       If you want to allow all domains to execute in fips_mode, you must turn on the fips_mode boolean. Enabled by default.

       setsebool -P fips_mode 1

       If you want to enable reading of urandom for all domains, you must turn on the global_ssp boolean. Disabled by default.

       setsebool -P global_ssp 1

       If you want to allow confined applications to use nscd shared memory, you must turn on the nscd_use_shm boolean. Disabled by default.

       setsebool -P nscd_use_shm 1

       If  you	want  to  allow  regular  users  direct dri device access, you must turn on the selinuxuser_direct_dri_enabled boolean. Enabled by
       default.

       setsebool -P selinuxuser_direct_dri_enabled 1

       If you want to allow unconfined users to transition to the chrome sandbox domains when running chrome-sandbox, you must turn on the  uncon-
       fined_chrome_sandbox_transition boolean. Enabled by default.

       setsebool -P unconfined_chrome_sandbox_transition 1

       If you want to support ecryptfs home directories, you must turn on the use_ecryptfs_home_dirs boolean. Disabled by default.

       setsebool -P use_ecryptfs_home_dirs 1

       If you want to support fusefs home directories, you must turn on the use_fusefs_home_dirs boolean. Disabled by default.

       setsebool -P use_fusefs_home_dirs 1

       If you want to support NFS home directories, you must turn on the use_nfs_home_dirs boolean. Disabled by default.

       setsebool -P use_nfs_home_dirs 1

       If you want to support SAMBA home directories, you must turn on the use_samba_home_dirs boolean. Disabled by default.

       setsebool -P use_samba_home_dirs 1

       If  you	want  to  allows clients to write to the X server shared memory segments, you must turn on the xserver_clients_write_xshm boolean.
       Disabled by default.

       setsebool -P xserver_clients_write_xshm 1

       If you want to support X userspace object manager, you must turn on the xserver_object_manager boolean. Enabled by default.

       setsebool -P xserver_object_manager 1

MANAGED FILES

       The SELinux process type chrome_sandbox_t can manage files labeled with the following file types.  The paths listed are the  default  paths
       for these file types.  Note the processes UID still need to have DAC permissions.

       cgroup_t

	    /cgroup(/.*)?
	    /sys/fs/cgroup(/.*)?

       chrome_sandbox_home_t

	    /home/[^/]*/.cache/chromium(/.*)?
	    /home/[^/]*/.cache/google-chrome(/.*)?

       chrome_sandbox_tmp_t

       chrome_sandbox_tmpfs_t

       cifs_t

       home_cert_t

	    /root/.pki(/.*)?
	    /root/.cert(/.*)?
	    /home/[^/]*/.kde/share/apps/networkmanagement/certificates(/.*)?
	    /home/[^/]*/.pki(/.*)?
	    /home/[^/]*/.cert(/.*)?

       mozilla_home_t

	    /home/[^/]*/.lyx(/.*)?
	    /home/[^/]*/.java(/.*)?
	    /home/[^/]*/.adobe(/.*)?
	    /home/[^/]*/.gnash(/.*)?
	    /home/[^/]*/.webex(/.*)?
	    /home/[^/]*/.galeon(/.*)?
	    /home/[^/]*/.spicec(/.*)?
	    /home/[^/]*/.IBMERS(/.*)?
	    /home/[^/]*/POkemon.*(/.*)?
	    /home/[^/]*/.mozilla(/.*)?
	    /home/[^/]*/.phoenix(/.*)?
	    /home/[^/]*/.icedtea(/.*)?
	    /home/[^/]*/.netscape(/.*)?
	    /home/[^/]*/.quakelive(/.*)?
	    /home/[^/]*/.ICAClient(/.*)?
	    /home/[^/]*/.macromedia(/.*)?
	    /home/[^/]*/.thunderbird(/.*)?
	    /home/[^/]*/.gcjwebplugin(/.*)?
	    /home/[^/]*/.grl-podcasts(/.*)?
	    /home/[^/]*/.cache/mozilla(/.*)?
	    /home/[^/]*/.icedteaplugin(/.*)?
	    /home/[^/]*/zimbrauserdata(/.*)?
	    /home/[^/]*/.config/chromium(/.*)?
	    /home/[^/]*/.juniper_networks(/.*)?
	    /home/[^/]*/.cache/icedtea-web(/.*)?
	    /home/[^/]*/abc
	    /home/[^/]*/.gnashpluginrc

       nfs_t

       user_fonts_cache_t

	    /root/.fontconfig(/.*)?
	    /root/.fonts/auto(/.*)?
	    /root/.fonts.cache-.*
	    /home/[^/]*/.fontconfig(/.*)?
	    /home/[^/]*/.fonts/auto(/.*)?
	    /home/[^/]*/.fonts.cache-.*

       xserver_tmpfs_t

FILE CONTEXTS

       SELinux requires files to have an extended attribute to define the file type.

       You can see the context of a file using the -Z option to ls

       Policy  governs	the access confined processes have to these files.  SELinux chrome_sandbox policy is very flexible allowing users to setup
       their chrome_sandbox processes in as secure a method as possible.

       STANDARD FILE CONTEXT

       SELinux defines the file context types for the chrome_sandbox, if you wanted to store files with these types in a diffent paths,  you  need
       to execute the semanage command to sepecify alternate labeling and then use restorecon to put the labels on disk.

       semanage fcontext -a -t chrome_sandbox_exec_t '/srv/chrome_sandbox/content(/.*)?'
       restorecon -R -v /srv/mychrome_sandbox_content

       Note: SELinux often uses regular expressions to specify labels that match multiple files.

       The following file types are defined for chrome_sandbox:

       chrome_sandbox_exec_t

       - Set files with the chrome_sandbox_exec_t type, if you want to transition an executable to the chrome_sandbox_t domain.

       Paths:
	    /opt/google/chrome/chrome-sandbox, /usr/lib/chromium-browser/chrome-sandbox

       chrome_sandbox_home_t

       - Set files with the chrome_sandbox_home_t type, if you want to store chrome sandbox files in the users home directory.

       Paths:
	    /home/[^/]*/.cache/chromium(/.*)?, /home/[^/]*/.cache/google-chrome(/.*)?

       chrome_sandbox_nacl_exec_t

       - Set files with the chrome_sandbox_nacl_exec_t type, if you want to transition an executable to the chrome_sandbox_nacl_t domain.

       Paths:
	    /opt/google/chrome/nacl_helper_bootstrap, /usr/lib/chromium-browser/nacl_helper_bootstrap

       chrome_sandbox_tmp_t

       - Set files with the chrome_sandbox_tmp_t type, if you want to store chrome sandbox temporary files in the /tmp directories.

       chrome_sandbox_tmpfs_t

       - Set files with the chrome_sandbox_tmpfs_t type, if you want to store chrome sandbox files on a tmpfs file system.

       Note:  File context can be temporarily modified with the chcon command.	If you want to permanently change the file context you need to use
       the semanage fcontext command.  This will modify the SELinux labeling database.	You will need to use restorecon to apply the labels.

COMMANDS

       semanage fcontext can also be used to manipulate default file context mappings.

       semanage permissive can also be used to manipulate whether or not a process type is permissive.

       semanage module can also be used to enable/disable/install/remove policy modules.

       semanage boolean can also be used to manipulate the booleans

       system-config-selinux is a GUI tool available to customize SELinux policy settings.

AUTHOR

       This manual page was auto-generated using sepolicy manpage .

SEE ALSO

       selinux(8),  chrome_sandbox(8),	semanage(8),  restorecon(8),  chcon(1),  sepolicy(8)   ,   setsebool(8),   chrome_sandbox_nacl_selinux(8),
       chrome_sandbox_nacl_selinux(8)

chrome_sandbox							     14-06-10						 chrome_sandbox_selinux(8)
All times are GMT -4. The time now is 02:08 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy