During the Beta I have been turning on a transition boolean for
nsplugin. This transition is from unconfined_t to nsplugin_t. The
attempt here is to confine random code like flashplugin/acrobat and
other closed source programs that read random data from the internet
from attacking your machine. I have to turn it on by default in
Rawhide/Beta to find out what problems it causes. I will probably turn
it off when we release, to prevent it causing problems, for people like you.
I write about the change in
danwalsh.livejournal.com/15700.html
This is a potential real security gain from this, but we need to
experiment to figure out how we can benefit the greatest number of users.
I agree we need to tread lightly when adding new SELinux confinement, to
the users but we still have an ability that could really advance
computer security.
Please send a note to fedora-devel/fedora-test list when making
important changes like this so people know what to expect and can give
feedback accordingly.
Rahul