Labeling of ~/.local, ~/.config, ... owned by gnome though not gnome specific

Daniel J Walsh dwalsh at redhat.com
Thu Sep 16 21:34:16 UTC 2010


On 09/16/2010 05:13 PM, Nicky726 wrote:
> On Thu 16 September 2010 21:22:07 you wrote:
>> On 09/16/2010 12:16 PM, Nicky726 wrote:
>>> Hello,
>>>
>>> while working on confinement of selected KDE apps, I came to the following
>>> issue:
>>>
>>> Directories ~/.config, ~/.local, ~/.local/share (and possibly others) are
>>> labeled as config_home_t, gconf_home_t and data_home_t all owned by gnome
>>> module. These directories are used by much more programs than just GNOME,
>>> ranging from KDE apps, pure Qt or GTK apps to for example ibus. User's
>>> trash is also put in one of those.
>>> Therefore I think, that the directories should be labeled with types that
>>> are owned by another application/DE unspecific module (Dominick Grift in
>>> conversation mentioned these are part of freedesktop specifications, so
>>> I guess it can be named eg. freedesktop). And their naming should also
>>> resign from application specific names, which is the case of
>>> gconf_home_t for ~/.local.
>>>
>>> Regards,
>>> Ondrej Vadinsky
>>
>> That is fine, and messages like this should go to the refpolicy mail
>> list. refpolicy at oss.tresys.com
> 
> Those types seem to be part of Fedora SELinux policy, I could not find them in 
> refpolicy, therefore I wrote to Fedora mailing list.
> 
>> We have lots of types that have used specific applications and ended up
>> being used by other applications.  We have not gone back and changed the
>> names, mainly because of the hassle.  For example.
>>
>> /usr/bin/epiphany	--	system_u:object_r:mozilla_exec_t:s0
> 
> Uh, ok, if you say so.
> 
> Regards,
> Ondrej Vadinsky
> 
BTW I am not arguing with you and since they are not in refpolicy yet,
it makes it easier to change them.

