From: dwalsh@redhat.com (Daniel J Walsh)
Date: Thu, 16 Sep 2010 15:22:07 -0400
Subject: [refpolicy] Labeling of ~/.local, ~/.config,
 ... owned by gnome though not gnome specific
In-Reply-To: <201009161816.19552.Nicky726@gmail.com>
References: <201009161816.19552.Nicky726@gmail.com>
Message-ID: <4C926E5F.8020600@redhat.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 09/16/2010 12:16 PM, Nicky726 wrote:
> Hello,
> 
> while working on confinement of selected KDE apps, I came to following issue:
> 
> Directories ~/.config, ~/.local, ~/.local/share (and possibly others) are 
> labeled as config_home_t, gconf_home_t and data_home_t all owned by gnome 
> module. These directories are used by much more programs than just GNOME, 
> ranging from KDE apps, pure Qt or GTK apps to for exaple ibus. User's trash is 
> also put in one of those. 
> Therefore I think, that the directories should be labeled with types that are 
> owned by another application/DE unspecific module (Dominick Grift in 
> conversation mentioned these are part of freedesktop specifications, so I 
> guess it can be named eg. freedesktop). And their naming should also resign 
> from application specific names, which is the case of gconf_home_t for 
> ~/.local.
> 
> Regards,
> Ondrej Vadinsky
That is fine, and messages like this should go to the refpolicy mail
list. refpolicy at oss.tresys.com

We have lots of types that have used specific applications and ended up
being used by other applications.  We have not gone back and changed the
names, mainly because of the hassle.  For example.

/usr/bin/epiphany	--	system_u:object_r:mozilla_exec_t:s0
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkySbl8ACgkQrlYvE4MpobOaWgCeJPh7wPZ5Hrxd+7MzR5AT3t8I
S7sAoKrglUIHF0Jyrq9RAa7RPr5I4SLF
=yLI2
-----END PGP SIGNATURE-----