-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 09/17/2010 03:37 AM, Nicky726 wrote:
Dne Čt 16. září 2010 23:34:16 jste napsal(a):
> On 09/16/2010 05:13 PM, Nicky726 wrote:
>> Dne Čt 16. září 2010 21:22:07 jste napsal(a):
>>> On 09/16/2010 12:16 PM, Nicky726 wrote:
>>>> Hello,
>>>>
>>>> while working on confinement of selected KDE apps, I came to following
>>>> issue:
>>>>
>>>> Directories ~/.config, ~/.local, ~/.local/share (and possibly others)
>>>> are labeled as config_home_t, gconf_home_t and data_home_t all owned
>>>> by gnome module. These directories are used by much more programs than
>>>> just GNOME, ranging from KDE apps, pure Qt or GTK apps to for exaple
>>>> ibus. User's trash is also put in one of those.
>>>> Therefore I think, that the directories should be labeled with types
>>>> that are owned by another application/DE unspecific module (Dominick
>>>> Grift in conversation mentioned these are part of freedesktop
>>>> specifications, so I guess it can be named eg. freedesktop). And their
>>>> naming should also resign from application specific names, which is
>>>> the case of
>>>> gconf_home_t for ~/.local.
>>>>
>>>> Regards,
>>>> Ondrej Vadinsky
>>>
>>> That is fine, and messages like this should go to the refpolicy mail
>>> list. refpolicy(a)oss.tresys.com
>>
>> Those types seem to be part of Fedora SELinux policy, I could not find
>> them in refpolicy, therefore I wrote to Fedora mailing list.
>>
>>> We have lots of types that have used specific applications and ended up
>>> being used by other applications. We have not gone back and changed the
>>> names, mainly because of the hassle. For example.
>>>
>>> /usr/bin/epiphany -- system_u:object_r:mozilla_exec_t:s0
>>
>> Uh, ok, if you say so.
>>
>> Regards,
>> Ondrej Vadinsky
>
> BTW I am not arguing with you and since they are not in refpolicy yet,
> it makes it easier to change them.
I guess I misunderstood. You intend to eventually fix it then?
Regards
Ondrej Vadinsky
No I am saying you can suggest renames and try to get them upstream, if
you do I will convert to using them. Once they are upstream it becomes a
pain to change.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Fedora -
http://enigmail.mozdev.org/
iEYEARECAAYFAkyTZ2YACgkQrlYvE4MpobPYhgCcC4KjQQN5PYU4aIzicPI42Ab5
eXUAoKxiFq+N8WJ9ueFrO6xJTqFtOnQd
=NWgL
-----END PGP SIGNATURE-----