Labeling of ~/.local, ~/.config, ... owned by gnome though not gnome specific

Nicky726 nicky726 at gmail.com
Fri Sep 17 07:37:10 UTC 2010


On Thu, 16 September 2010 23:34:16 you wrote:
> On 09/16/2010 05:13 PM, Nicky726 wrote:
> > On Thu, 16 September 2010 21:22:07 you wrote:
> >> On 09/16/2010 12:16 PM, Nicky726 wrote:
> >>> Hello,
> >>> 
> >>> while working on confinement of selected KDE apps, I came to the
> >>> following issue:
> >>> 
> >>> Directories ~/.config, ~/.local, ~/.local/share (and possibly others)
> >>> are labeled as config_home_t, gconf_home_t and data_home_t all owned
> >>> by gnome module. These directories are used by many more programs than
> >>> just GNOME, ranging from KDE apps, pure Qt or GTK apps to for example
> >>> ibus. User's trash is also put in one of those.
> >>> Therefore I think that the directories should be labeled with types
> >>> that are owned by another application/DE unspecific module (Dominick
> >>> Grift in conversation mentioned these are part of freedesktop
> >>> specifications, so I guess it can be named eg. freedesktop). And their
> >>> naming should also resign from application specific names, which is
> >>> the case of
> >>> gconf_home_t for ~/.local.
> >>> 
> >>> Regards,
> >>> Ondrej Vadinsky
> >> 
> >> That is fine, and messages like this should go to the refpolicy mail
> >> list. refpolicy at oss.tresys.com
> > 
> > Those types seem to be part of Fedora SELinux policy, I could not find
> > them in refpolicy, therefore I wrote to Fedora mailing list.
> > 
> >> We have lots of types that have used specific applications and ended up
> >> being used by other applications.  We have not gone back and changed the
> >> names, mainly because of the hassle.  For example.
> >> 
> >> /usr/bin/epiphany	--	system_u:object_r:mozilla_exec_t:s0
> > 
> > Uh, ok, if you say so.
> > 
> > Regards,
> > Ondrej Vadinsky
> 
> BTW I am not arguing with you and since they are not in refpolicy yet,
> it makes it easier to change them.

I guess I misunderstood. You intend to eventually fix it then?

Regards
Ondrej Vadinsky

-- 
Don't it always seem to go
That you don't know what you've got
Till it's gone

(Joni Mitchell)

