From: russell@coker.com.au (Russell Coker)
Date: Thu, 4 Aug 2011 09:04:50 +1000
Subject: [refpolicy] [PATCH/RFC] Add support for the skype_t domain
In-Reply-To: <1312380254.2134.16.camel@localhost.localdomain>
References: <20110724153808.GA25350@siphos.be>
	<20110803134256.GB9734@siphos.be>
	<1312380254.2134.16.camel@localhost.localdomain>
Message-ID: <201108040904.50416.russell@coker.com.au>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Thu, 4 Aug 2011, Dominick Grift <domg472@gmail.com> wrote:
> In my experience one should not block access to generic user content but
> rather prevent user agents from creating content with the generic user
> content type, if it is not generic user content (e.g if it is a
> communication channel, configuration, cache or any other kind of file
> that is needed for the program to run).
> 
> So a program like skype should be able to manage user_home_t just fine.
> Thats not the issue the issue is that i dont want it to have access to
> protected files that are needed to make some user agent run properly
> (atleast not if they dont need that access). (ssh_home_t, gpg_secret_t,
> "any user app config files", gnome keyring db
> etc, etc, etc.

If skype_t can write to user_home_t then it can change files such as .bashrc 
such that at the next shell invocation bash will change files such as 
ssh_home_t for it.

Now if you are proposing separate types for .bash* files etc then it might be 
more reliable.
 
-- 
My Main Blog         http://etbe.coker.com.au/
My Documents Blog    http://doc.coker.com.au/