From: guido@trentalancia.com (Guido Trentalancia)
Date: Wed, 16 Feb 2011 22:28:08 +0100
Subject: [refpolicy] [PATCH 5/34]: patch to label XDG config files and
 allow policykit to use them
In-Reply-To: <20110216205154.GB5937@siphos.be>
References: <1297836060.3205.34.camel@tesla.lan>
	<20110216205154.GB5937@siphos.be>
Message-ID: <1297891688.5067.7.camel@tesla.lan>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Hello Sven,

thanks for your comments.

Yes, in practice, anything other than generic user_home_t is fine.

So, for example, user_xdg_config_t could be used and perhaps the naming
is more appropriate (as formally it's XDG shared with Gnome), but there
is a lack of interfaces for that (i.e. the equivalent of
gnome_read_config()).

Feel free to provide an alternative patch in place of [5/34] that I
proposed.

The important is that .config is not labeled generically and that
policykit can read its content (I believe it only needs to
read .config/user-dirs.*) !

Regards,

Guido

On Wed, 16/02/2011 at 21.51 +0100, Sven Vermeulen wrote:
> On Wed, Feb 16, 2011 at 07:00:59AM +0100, Guido Trentalancia wrote:
> > This patch labels HOME_DIR/\.config as gnome_home_t and then
> > allows policykit to read such kind of files.
> 
> Afaik, this location is used by much more than gnome applications. I don't
> have GNOME installed but it is still there for things like XFCE4, epdfview,
> zathura etc.
> 
> The .config location seems to be part of the XDG Base Directory
> Specification (I believe dgrift once referred me to this), independent of
> GNOME.
> 
> Perhaps it is more wise to call it user_config_t or user_xdg_config_t (and
> xdg_config_t for /etc/xdg etc.)? That way, the necessary privileges can be
> offered in an XDG-specific set of interfaces for all applications adhering
> to this specification (rather than using gnome_* interfaces even though they
> are not GNOME related).
> 
> Wkr,
> 	Sven Vermeulen
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy
>