From: russell@coker.com.au (Russell Coker) Date: Sun, 13 Nov 2011 22:48:50 +1100 Subject: [refpolicy] [PATCH v2 1/2] Support the console/graphical links browser In-Reply-To: <20111113111250.GA16421@siphos.be> References: <20111113093714.GA16792@siphos.be> <201111132112.58117.russell@coker.com.au> <20111113111250.GA16421@siphos.be> Message-ID: <201111132248.50639.russell@coker.com.au> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Sun, 13 Nov 2011, Sven Vermeulen wrote: > On Sun, Nov 13, 2011 at 09:12:57PM +1100, Russell Coker wrote: > > Why do we need separate domains for links and other browsers? > > When do you consider the need for separate domains and not? An earlier > discussion on nginx versus apache was in the direction of a separate domain > for nginx because it did some stuff that apache couldn't. Most of the stuff that Apache and Nginx do are the same. Having separate policy will lead to more duplication of work. If we want to protect web servers from each other then I think we should do what we did ages ago with SSH and have a template for the base functionality that is instantiated for each one. > Likewise, I can argue that the mozilla module does more than links, so why > use a much more elaborate policy for a small application? Given that links is described as using an X display the amount of extra functionality can't be that great. -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/