From: dwalsh@redhat.com (Daniel J Walsh)
To: refpolicy@oss.tresys.com
Subject: [refpolicy] Labeling of ~/.local, ~/.config, ... owned by gnome though not gnome specific
Date: Thu, 16 Sep 2010 17:34:16 -0400
Message-ID: <4C928D58.80209@redhat.com>
In-Reply-To: <201009162313.46206.Nicky726@gmail.com>

On 09/16/2010 05:13 PM, Nicky726 wrote:
> On Thu, 16 September 2010 21:22:07, you wrote:
>> On 09/16/2010 12:16 PM, Nicky726 wrote:
>>> Hello,
>>>
>>> while working on confinement of selected KDE apps, I came to the following
>>> issue:
>>>
>>> Directories ~/.config, ~/.local, ~/.local/share (and possibly others) are
>>> labeled as config_home_t, gconf_home_t and data_home_t all owned by gnome
>>> module. These directories are used by many more programs than just GNOME,
>>> ranging from KDE apps, pure Qt or GTK apps to for example ibus. User's
>>> trash is also put in one of those.
>>> Therefore I think, that the directories should be labeled with types that
>>> are owned by another application/DE unspecific module (Dominick Grift in
>>> conversation mentioned these are part of freedesktop specifications, so
>>> I guess it can be named eg. freedesktop). And their naming should also
>>> resign from application specific names, which is the case of
>>> gconf_home_t for ~/.local.
>>>
>>> Regards,
>>> Ondrej Vadinsky
>>
>> That is fine, and messages like this should go to the refpolicy mail
>> list. refpolicy at oss.tresys.com
> 
> Those types seem to be part of Fedora SELinux policy, I could not find them in 
> refpolicy, therefore I wrote to Fedora mailing list.
> 
>> We have lots of types that have used specific applications and ended up
>> being used by other applications.  We have not gone back and changed the
>> names, mainly because of the hassle.  For example.
>>
>> /usr/bin/epiphany	--	system_u:object_r:mozilla_exec_t:s0
> 
> Uh, ok, if you say so.
> 
> Regards,
> Ondrej Vadinsky
> 
BTW I am not arguing with you and since they are not in refpolicy yet,
it makes it easier to change them.