From: nicky726@gmail.com (Nicky726)
Date: Fri, 17 Sep 2010 09:37:10 +0200
Subject: [refpolicy] Labeling of ~/.local, ~/.config, ... owned by gnome though not gnome specific
In-Reply-To: <4C928D58.80209@redhat.com>
References: <201009161816.19552.Nicky726@gmail.com> <201009162313.46206.Nicky726@gmail.com> <4C928D58.80209@redhat.com>
Message-ID: <201009170937.11115.Nicky726@gmail.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Thu 16 September 2010 23:34:16 you wrote:
> On 09/16/2010 05:13 PM, Nicky726 wrote:
> > On Thu 16 September 2010 21:22:07 you wrote:
> >> On 09/16/2010 12:16 PM, Nicky726 wrote:
> >>> Hello,
> >>>
> >>> while working on confinement of selected KDE apps, I came to following
> >>> issue:
> >>>
> >>> Directories ~/.config, ~/.local, ~/.local/share (and possibly others)
> >>> are labeled as config_home_t, gconf_home_t and data_home_t all owned
> >>> by gnome module. These directories are used by much more programs than
> >>> just GNOME, ranging from KDE apps, pure Qt or GTK apps to for example
> >>> ibus. User's trash is also put in one of those.
> >>> Therefore I think, that the directories should be labeled with types
> >>> that are owned by another application/DE unspecific module (Dominick
> >>> Grift in conversation mentioned these are part of freedesktop
> >>> specifications, so I guess it can be named eg. freedesktop). And their
> >>> naming should also resign from application specific names, which is
> >>> the case of
> >>> gconf_home_t for ~/.local.
> >>>
> >>> Regards,
> >>> Ondrej Vadinsky
> >>
> >> That is fine, and messages like this should go to the refpolicy mail
> >> list. refpolicy at oss.tresys.com
> >
> > Those types seem to be part of Fedora SELinux policy, I could not find
> > them in refpolicy, therefore I wrote to Fedora mailing list.
> >
> >> We have lots of types that have used specific applications and ended up
> >> being used by other applications. We have not gone back and changed the
> >> names, mainly because of the hassle. For example.
> >>
> >> /usr/bin/epiphany -- system_u:object_r:mozilla_exec_t:s0
> >
> > Uh, ok, if you say so.
> >
> > Regards,
> > Ondrej Vadinsky
>
> BTW I am not arguing with you and since they are not in refpolicy yet,
> it makes it easier to change them.

I guess I misunderstood. You intend to eventually fix it then?

Regards
Ondrej Vadinsky

--
Don't it always seem to go
That you don't know what you've got
Till it's gone

(Joni Mitchell)