From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Wed, 3 Aug 2011 15:42:56 +0200
Subject: [refpolicy] [PATCH/RFC] Add support for the skype_t domain
In-Reply-To: <4E32AEB5.2030100@tresys.com>
References: <20110724153808.GA25350@siphos.be>
 <4E32AEB5.2030100@tresys.com>
Message-ID: <20110803134256.GB9734@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Fri, Jul 29, 2011 at 08:59:33AM -0400, Christopher J. PeBenito wrote:
> On 07/24/11 11:38, Sven Vermeulen wrote:
> > The skype application is a popular voice and video chat application.
> > This patch adds preliminary support for skype on SELinux.
[...]
> > +userdom_manage_user_home_content_dirs(skype_t)
> > +userdom_manage_user_home_content_files(skype_t)
> 
> Is this really necessary since there is skype_home_t?

Depends on the use case, but Skype can be used to send and receive files, so
skype_t needs to be able to manage the users' home directory content.

Not that I'm happy with that, but it seems to be how most applications
handle this. I personally prefer a specific type for interacting with the
"outside" world (user_download_t or so) and have the apps be able to manage
that type rather than user_home_t. But that does make it more difficult to
explain to users (not really userfriendly).

Thanks for the feedback (also on the other RFC mail)!

Wkr,
	Sven Vermeulen