From: sven.vermeulen@siphos.be (Sven Vermeulen) Date: Wed, 3 Aug 2011 15:42:56 +0200 Subject: [refpolicy] [PATCH/RFC] Add support for the skype_t domain In-Reply-To: <4E32AEB5.2030100@tresys.com> References: <20110724153808.GA25350@siphos.be> <4E32AEB5.2030100@tresys.com> Message-ID: <20110803134256.GB9734@siphos.be> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Fri, Jul 29, 2011 at 08:59:33AM -0400, Christopher J. PeBenito wrote: > On 07/24/11 11:38, Sven Vermeulen wrote: > > The skype application is a popular voice and video chat application. > > This patch adds preliminary support for skype on SELinux. [...] > > +userdom_manage_user_home_content_dirs(skype_t) > > +userdom_manage_user_home_content_files(skype_t) > > Is this really necessary since there is skype_home_t? Depends on the use case, but Skype can be used to send and receive files, so skype_t needs to be able to manage the users' home directory content. Not that I'm happy with that, but it seems to be how most applications handle this. I personally prefer a specific type for interacting with the "outside" world (user_download_t or so) and have the apps be able to manage that type rather than user_home_t. But that does make it more difficult to explain to users (not really userfriendly). Thanks for the feedback (also on the other RFC mail)! Wkr, Sven Vermeulen