From: nicky726@gmail.com (Nicky726)
Date: Sat, 30 Jan 2010 20:02:16 +0100
Subject: [refpolicy] [PATCH 1/1] Added KDE and Konqueror policy. Made necessary changes in staff, unprivuser and unconfined, for it to work.
In-Reply-To:
References:
Message-ID: <201001302002.16539.Nicky726@gmail.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Thanks for your comments, I'll provide a better patch soon. In the meantime
just some notes and questions.

> > +# Temp acces for konqueror
> > +manage_dirs_pattern(konqueror_t, konqueror_tmp_t, konqueror_tmp_t)
> > +manage_lnk_files_pattern(konqueror_t, konqueror_tmp_t, konqueror_tmp_t)
> > +manage_sock_files_pattern(konqueror_t, konqueror_tmp_t, konqueror_tmp_t)
> > +manage_files_pattern(konqueror_t, konqueror_tmp_t, konqueror_tmp_t)
>
> This does probably require the user to be able to manage it

What do you mean by this?

> > + konqueror_role(staff_r, staff_t)
> > +')
> > +
>
> Should probably go into userdomain (common use template), but I believe
> that for reference policy these calls are not required at all (gets
> called automatically)
>
> > + konqueror_role(user_r, user_t)
> > +')
>
> Same as above
>
> > + konqueror_role(unconfined_r, unconfined_t)
> > +')
> > +
>
> Not sure whether it is a good idea to let unconfined_t transition

Well I'm definitely confused about where to place these calls. Fedora has it
somewhere, refpolicy elsewhere. Could somebody provide explanation about it?

>
> > +HOME_DIR/\.kde/share/config/konq_history -- gen_context(system_u:object_
> >r:konqueror_home_t,s0) +
> > +HOME_DIR/\.kde/share/config/konquerorrc -- gen_context(system_u:object_
> >r:konqueror_home_t,s0) +
> > +HOME_DIR/\.kde/share/config/konqsidebartng.rc -- gen_context(system_u:ob
> >ject_r:konqueror_home_t,s0) +
> > +HOME_DIR/\.kde/share/config/kuriikwsfilterrc -- gen_context(system_u:obj
> >ect_r:konqueror_home_t,s0) +
> > +HOME_DIR/\.kde/share/apps/konqueror(/.*)? gen_context(system_u:object_r
> >:konqueror_home_t,s0) +
> > +HOME_DIR/\.kde/share/apps/khtml(/.*)? gen_context(system_u:object_r:ko
> >nqueror_home_t,s0)
>
> Why not just kde_shared_home_t for everything in ~/.kde
>

Well, I hope this policy to be just a first step in constructing policies for
other KDE applications, which I think should be also confined from each other,
so that e.g. a weakness in KDE browser would not endanger contacts in KDE mail
client.

> > +gen_tunable(konqueror_exec_bin_t, false)
>
> This shouldn't be tunable

Hm, I made it tunable, because I didn't feel quite right to let konqueror run
bin_t just because of some bug reporting tool. Maybe that was not a good idea...
Any special reasons why it should not be tunable?

Thanx for your time,
Ondrej Vadinský

--
Don`t it always seem to go
That you don`t know what you`ve got
Till it`s gone.
(Joni Mitchell)
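
Review bot: in the konqueror_tmp_t hunk, the four manage_*_pattern(konqueror_t, konqueror_tmp_t, konqueror_tmp_t) lines only permit access to objects that already carry konqueror_tmp_t; nothing in the quoted lines makes new temp files receive that label. If the rest of the patch does not already do it, pair them with a files_tmp_filetrans(konqueror_t, konqueror_tmp_t, { dir file lnk_file sock_file }) call, and keep the lnk_file and sock_file rules only if konqueror was actually seen to need them. The comment should read "Temp access".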
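
Review bot: in the file-context hunk, the dot in konqsidebartng.rc is unescaped although \.kde on the same line is escaped. File-context paths are regular expressions, so the bare dot matches any character and the entry is looser than intended; write it as konqsidebartng\.rc.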
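
Review bot: in gen_tunable(konqueror_exec_bin_t, false) the tunable name ends in _t, the suffix reference policy reserves for types, and it embeds the real type name bin_t, so the boolean reads like a type in any rule that tests it. If it stays a tunable, rename it so it reads as a switch and make sure it carries the ## <desc> documentation block that reference policy tunables use, stating what enabling it allows konqueror to execute.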