Russell Coker writes:

> On Sun, 20 Apr 2003 17:11, Robert Bihlmeyer wrote:
> > [...] Maybe these generic domains are a mistake?
>
> Which generic domains are you referring to?

My X client domain, the games domain from the default policy.

> Why do you want to add a special domain for X clients?

I wanted to avoid giving user_t direct access to the X server or the DRI
devices. But since I now think that this was mistaken, I now grant normal
Xlib-style access to user_t, and open special domains for the programs
that need DRI.

> For good X security we need something like Cluster Mode Workstation
> http://www.ornl.gov/~jar/cmw4me.pdf .

> > I have the same problem with the games domain provided in the default
> > policy (or at least in Russell's package). As is, it doesn't fit half
> > the stuff in my /usr/games.
>
> How does it not fit them?

I simply don't think it makes sense to put a class as diverse as games
into one domain. Some games need X access (provided by the default
policy), some none. Some need direct video access, or want to output (in
rare cases input) sound. Some need read access to game data, or r/w
access to state (hiscore, save games), that may be located in a shared
area or in a fixed or variable location below the user's home. Sometimes
even the game data or the game itself is in a user-specified location
(think: Doom WADs or Infocom zcode).

Basically, I think most games should just run under user_t, and the
blanket specification putting everything in /usr/games into this domain
is wrong.

> > On the other hand, having a domain for every teensy toy out there
> > seems a bit excessive.
>
> Yes, it becomes a management nightmare which isn't good for security.

If we had a stronger inheritance model (maybe just through m4 macros) I'm
not so sure it's too hard to handle.

> > BTW, can't setfiles assume some default user & role if none is given?
> > Repeating system_u:object_r: a million times is superfluous.
>
> I did that once and Steve convinced me to stop doing it.

Any subject keywords or URL so I can find the arguments?

-- 
Robbe