From: guido@trentalancia.com (Guido Trentalancia)
To: refpolicy@oss.tresys.com
Subject: [refpolicy] [PATCH 5/34]: patch to label XDG config files and allow policykit to use them
Date: Wed, 16 Feb 2011 22:28:08 +0100 [thread overview]
Message-ID: <1297891688.5067.7.camel@tesla.lan> (raw)
In-Reply-To: <20110216205154.GB5937@siphos.be>
Hello Sven,
thanks for your comments.
Yes, in practice, anything other than generic user_home_t is fine.
So, for example, user_xdg_config_t could be used and perhaps the naming
is more appropriate (as formally it's XDG shared with Gnome), but there
is a lack of interfaces for that (i.e. the equivalent of
gnome_read_config()).
Feel free to provide an alternative patch in place of [5/34] that I
proposed.
The important is that .config is not labeled generically and that
policykit can read its content (I believe it only needs to
read .config/user-dirs.*) !
Regards,
Guido
On Wed, 16/02/2011 at 21.51 +0100, Sven Vermeulen wrote:
> On Wed, Feb 16, 2011 at 07:00:59AM +0100, Guido Trentalancia wrote:
> > This patch labels HOME_DIR/\.config as gnome_home_t and then
> > allows policykit to read such kind of files.
>
> Afaik, this location is used by much more than gnome applications. I don't
> have GNOME installed but it is still there for things like XFCE4, epdfview,
> zathura etc.
>
> The .config location seems to be part of the XDG Base Directory
> Specification (I believe dgrift once referred me to this), independent of
> GNOME.
>
> Perhaps it is more wise to call it user_config_t or user_xdg_config_t (and
> xdg_config_t for /etc/xdg etc.)? That way, the necessary privileges can be
> offered in an XDG-specific set of interfaces for all applications adhering
> to this specification (rather than using gnome_* interfaces even though they
> are not GNOME related).
>
> Wkr,
> Sven Vermeulen
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy
>
prev parent reply other threads:[~2011-02-16 21:28 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-02-16 6:00 [refpolicy] [PATCH 5/34]: patch to label XDG config files and allow policykit to use them Guido Trentalancia
2011-02-16 20:51 ` Sven Vermeulen
2011-02-16 20:56 ` Daniel J Walsh
2011-02-16 21:28 ` Guido Trentalancia [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1297891688.5067.7.camel@tesla.lan \
--to=guido@trentalancia.com \
--cc=refpolicy@oss.tresys.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.