On Thu, 16 September 2010 23:34:16 you wrote:
On 09/16/2010 05:13 PM, Nicky726 wrote:
> On Thu, 16 September 2010 21:22:07 you wrote:
>> On 09/16/2010 12:16 PM, Nicky726 wrote:
>>> Hello,
>>>
>>> while working on confinement of selected KDE apps, I came to the
>>> following issue:
>>>
>>> Directories ~/.config, ~/.local, ~/.local/share (and possibly others)
>>> are labeled as config_home_t, gconf_home_t and data_home_t all owned
>>> by gnome module. These directories are used by many more programs than
>>> just GNOME, ranging from KDE apps, pure Qt or GTK apps to for example
>>> ibus. User's trash is also put in one of those.
>>> Therefore I think, that the directories should be labeled with types
>>> that are owned by another application/DE unspecific module (Dominick
>>> Grift in conversation mentioned these are part of freedesktop
>>> specifications, so I guess it can be named eg. freedesktop). And their
>>> naming should also resign from application specific names, which is
>>> the case of
>>> gconf_home_t for ~/.local.
>>>
>>> Regards,
>>> Ondrej Vadinsky
>>
>> That is fine, and messages like this should go to the refpolicy mail
>> list. refpolicy(a)oss.tresys.com
>
> Those types seem to be part of Fedora SELinux policy, I could not find
> them in refpolicy, therefore I wrote to Fedora mailing list.
>
>> We have lots of types that have used specific applications and ended up
>> being used by other applications. We have not gone back and changed the
>> names, mainly because of the hassle. For example.
>>
>> /usr/bin/epiphany -- system_u:object_r:mozilla_exec_t:s0
>
> Uh, ok, if you say so.
>
> Regards,
> Ondrej Vadinsky

BTW I am not arguing with you and since they are not in refpolicy yet,
it makes it easier to change them.

I guess I misunderstood. You intend to eventually fix it then?

Regards
Ondrej Vadinsky
--
Don't it always seem to go
That you don't know what you've got
Till it's gone
(Joni Mitchell)