On Thu, 20 Jul 2006 10:28:09 EDT, Matthew Miller said:
On Thu, Jul 20, 2006 at 05:38:49AM -0400, Valdis.Kletnieks(a)vt.edu
wrote:
> serve as a starting point. One *big* constraint you can put on it is
> to prevent looking at any files in /home except ~/.mozilla and ~/Downloads
> (or whatever you decide to call it) (Some finessing to allow reading of
> ~ so you can get to ~/.mozilla is a Good Idea :)
If Firefox is restricted to downloading to only specific directories, the
option to change the default download directory should be removed from the
UI. I'm not sure that's desirable.
You're *still* going to need that option, because Firefox may not be restricted
in all environments, and the actual directory name may not be cast in stone (in
particular,
the policy has this:
HOME_DIR/\.mozilla(/.*)?
gen_context(system_u:object_r:ROLE_mozilla_home_t,s0)
Any other directory labelled as ROLE_mozilla_home_t will work as well (and in
fact, I have several such directories - a ~/Downloads where most small stuff
goes, and another directory on another filesystem for downloading .iso and
similar....)