Firefox and SELinux

Update: it seems that updating the confined version of
Firefox doesn't work. To work around this, temporarily
disable SELinux before updating. Once the update process
finished, you'll need to reset the file contexts on the
files by running the command "restorecon -F -R -v
~/firefox-strict". Without doing this, Firefox will run
unconfined after the update!

This guide has been written to help people out there
creating a safe Firefox installation which is only allowed
to browse through Tor. This means no other network traffic
(eg. DNS requests, direct HTTP or FTP requests) is permitted
to be sent from the process preventing any kind of data
leakage possible by abusing the process (eg. memory leaks,
buffer overflows, bugs in the code etc). This greatly
increases the protection of your anonymity as it prevents
all attempts to send your real IP address and other
sensitive data to 3rd parties (like in the case of the
recent FH attack where IP and MAC addresses and hostnames
have been sent to a clearnet server).

Note that if you dedicated your system to the risky or
illegal activities you do (eg. you use a VM inside your
normal system or have a dual-boot setup), a better way to
defend yourself is to simply block all outbound connections
using a firewall and then configure your system to use the
SOCKS proxy of Tor to connect to HTTP hosts on the internet.
Otherwise, if you share your system between different
activities and use a RHEL-based Linux distribution, you may
follow this guide to make your browsing sessions more
secure.

First of all, SELinux is a pretty hard-to-understand thing,
so I won't go into technical details too much. Basically,
think about SELinux as an additional security layer on top
of the usual POSIX rights set on files, directories and
other filesystem objects. POSIX rights are provided to grant
read/write/execute/browse privileges for the owner user, the
owner group and "everybody else" which means anyone having a
user account on the system. SELinux extends this security
scheme by creating application domains which are strictly
separated from each other, applications from different
domains cannot access each other's resources. All processes
run in their confined security contexts (domains) which
ensures they only have access to resources they really need
access to.

To strengthen the security of the browser, I created a
policy package for firefox which permits only connections to
the SOCKS proxy of Tor. The steps below describe how to
install and use the package: