From: dwalsh@redhat.com (Daniel J Walsh) Date: Thu, 23 Sep 2010 13:59:00 -0400 Subject: [refpolicy] Labeling of ~/.local, ~/.config, ... owned by gnome though not gnome specific In-Reply-To: <201009202138.03769.Nicky726@gmail.com> References: <201009202138.03769.Nicky726@gmail.com> Message-ID: <4C9B9564.9020909@redhat.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 09/20/2010 03:38 PM, Nicky726 wrote: > Dne sobota 18 z??? 2010 19:00:01 Dominick Grift napsal(a): >>> Dne P? 17. z??? 2010 15:04:38 jste napsal(a): >>>> No I am saying you can suggest renames and try to get them upstream, if >>>> you do I will convert to using them. Once they are upstream it becomes a >>>> pain to change. >>> >>> By the upstream you mean refpolicy? Will it be a valid module, that just >>> defines those types, creates interfaces to access them in ways and labels >>> the directories? >> >> I do not think so. >> >> Its part of a larger issue that we need to find consensus on in the >> community. >> >> The problem is that we just declare types and define contexts, but that >> no module really owns it. >> >> That does not makes sense from the perspective of SELinux? >> >> How did these object get on the file system in the first place? which, >> if any package installed them (obviously no package installs ~/.config) >> >> I have yet to find out what creates ~/.config, I suspect it is >> gnome-session (in Gnome) but i am not sure. > > More interesting may be, if it is created by one or by more applications. It > is used by gnome apps, kde apps, but even pure qt or gtk apps. What happens if > an xsession with just vlc is run on an empty profile? I strongly doubt it will > call gnome-session or some kde related setup program, as it is pure qt > application, does not depend on etheir. There must either be some more > highlevel program which creates it for various DE's or every app creates it by > itself in case it does not already exist. If the firs case is true, we can find > it and create module for it which will own the types. If the second case is > true, the policy should find its way to live with it in this case the module > with just types doesn't seem that bad with me. > Those are just my thoughts, I would really like to hear more competent people > talking about it. > >> And even then if we find out there are other loosely related issues. >> >> For example the other xdg directories in HOME_DIR created by XDG. Like >> Downloads, Videos, Documents, Music, Pictures, Templates etc. >> >> In Fedora, most of these are not labelled explicitly yet either with the >> exception of Music i believe. >> >> The problem here is that XDG creates these directories in the applicable >> locale (language) >> >> How would be guarantee that these locations get labelled properly for >> all languages? >> >> With regard to HOME_DIR/\{.config, .local, .cache} we rely on >> restorecond to ensure proper labelling in Fedora. >> >> I suspect that upstream however will not accept making that assumption, >> thus i do not believe refpolicy will adopt fedoras' solution for dealing >> with the Freedesktop XDG specifications. >> >> Another piece in the puzzle called: confining the user space. >> >> The key issue in my view is the we need consensus in the community about >> how to go forward with the user space. > > Yes I agree. > > Regards, > Ondrej Vadinsky I think the real solution to this is to put this into the kernel. We need to define rules that says, if I create a directory within a directory labeled user_home_dir_t named .config, the kernel should create it labeled config_home_t. Any other solution including restorecond is going to be prone to failure. Similarly we could say if an app create resolv.conf withing etc_t it needs to labeled net_conf_t -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkyblWQACgkQrlYvE4MpobNqdwCgsGQLlw1a6TnyPVzBPSwMleWw M8YAn1UazRM4dDLATEO3aq5eZvknCCrs =nykw -----END PGP SIGNATURE-----