Labeling of ~/.local, ~/.config, ... owned by gnome though not gnome specific

Nicky726 nicky726 at gmail.com
Thu Sep 16 21:13:45 UTC 2010


On Thu 16 September 2010 21:22:07 you wrote:
> On 09/16/2010 12:16 PM, Nicky726 wrote:
> > Hello,
> > 
> > while working on confinement of selected KDE apps, I came to the following
> > issue:
> > 
> > Directories ~/.config, ~/.local, ~/.local/share (and possibly others) are
> > labeled as config_home_t, gconf_home_t and data_home_t all owned by gnome
> > module. These directories are used by much more programs than just GNOME,
> > ranging from KDE apps, pure Qt or GTK apps to for example ibus. User's
> > trash is also put in one of those.
> > Therefore I think, that the directories should be labeled with types that
> > are owned by another application/DE unspecific module (Dominick Grift in
> > conversation mentioned these are part of freedesktop specifications, so
> > I guess it can be named eg. freedesktop). And their naming should also
> > resign from application specific names, which is the case of
> > gconf_home_t for ~/.local.
> > 
> > Regards,
> > Ondrej Vadinsky
> 
> That is fine, and messages like this should go to the refpolicy mail
> list. refpolicy at oss.tresys.com

Those types seem to be part of the Fedora SELinux policy; I could not find them in
refpolicy, therefore I wrote to the Fedora mailing list.

> We have lots of types that have used specific applications and ended up
> being used by other applications.  We have not gone back and changed the
> names, mainly because of the hassle.  For example.
> 
> /usr/bin/epiphany	--	system_u:object_r:mozilla_exec_t:s0

Uh, ok, if you say so.

Regards,
Ondrej Vadinsky

-- 
Don't it always seem to go
That you don't know what you've got
Till it's gone

(Joni Mitchell)

