From: dwalsh@redhat.com (Daniel J Walsh) Date: Thu, 16 Sep 2010 15:22:07 -0400 Subject: [refpolicy] Labeling of ~/.local, ~/.config, ... owned by gnome though not gnome specific In-Reply-To: <201009161816.19552.Nicky726@gmail.com> References: <201009161816.19552.Nicky726@gmail.com> Message-ID: <4C926E5F.8020600@redhat.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 09/16/2010 12:16 PM, Nicky726 wrote: > Hello, > > while working on confinement of selected KDE apps, I came to following issue: > > Directories ~/.config, ~/.local, ~/.local/share (and possibly others) are > labeled as config_home_t, gconf_home_t and data_home_t all owned by gnome > module. These directories are used by much more programs than just GNOME, > ranging from KDE apps, pure Qt or GTK apps to for exaple ibus. User's trash is > also put in one of those. > Therefore I think, that the directories should be labeled with types that are > owned by another application/DE unspecific module (Dominick Grift in > conversation mentioned these are part of freedesktop specifications, so I > guess it can be named eg. freedesktop). And their naming should also resign > from application specific names, which is the case of gconf_home_t for > ~/.local. > > Regards, > Ondrej Vadinsky That is fine, and messages like this should go to the refpolicy mail list. refpolicy at oss.tresys.com We have lots of types that have used specific applications and ended up being used by other applications. We have not gone back and changed the names, mainly because of the hassle. For example. /usr/bin/epiphany -- system_u:object_r:mozilla_exec_t:s0 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.16 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkySbl8ACgkQrlYvE4MpobOaWgCeJPh7wPZ5Hrxd+7MzR5AT3t8I S7sAoKrglUIHF0Jyrq9RAa7RPr5I4SLF =yLI2 -----END PGP SIGNATURE-----