From: russell@coker.com.au (Russell Coker) Date: Thu, 4 Aug 2011 09:04:50 +1000 Subject: [refpolicy] [PATCH/RFC] Add support for the skype_t domain In-Reply-To: <1312380254.2134.16.camel@localhost.localdomain> References: <20110724153808.GA25350@siphos.be> <20110803134256.GB9734@siphos.be> <1312380254.2134.16.camel@localhost.localdomain> Message-ID: <201108040904.50416.russell@coker.com.au> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Thu, 4 Aug 2011, Dominick Grift wrote: > In my experience one should not block access to generic user content but > rather prevent user agents from creating content with the generic user > content type, if it is not generic user content (e.g if it is a > communication channel, configuration, cache or any other kind of file > that is needed for the program to run). > > So a program like skype should be able to manage user_home_t just fine. > Thats not the issue the issue is that i dont want it to have access to > protected files that are needed to make some user agent run properly > (atleast not if they dont need that access). (ssh_home_t, gpg_secret_t, > "any user app config files", gnome keyring db > etc, etc, etc. If skype_t can write to user_home_t then it can change files such as .bashrc such that at the next shell invocation bash will change files such as ssh_home_t for it. Now if you are proposing separate types for .bash* files etc then it might be more reliable. -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/