From: dwalsh@redhat.com (Daniel J Walsh)
Date: Wed, 03 Oct 2012 18:05:16 -0400
Subject: [refpolicy] [REVIEW REQUEST] Changes to the gnome policy module
In-Reply-To: <CAPzO=Nwj4JMZ0fZuEesPBj0t9yE57drTmYiVYtfmt0mFA0sCzA@mail.gmail.com>
References: <1349277155-3545-1-git-send-email-dominick.grift@gmail.com>
	<CAPzO=Nwj4JMZ0fZuEesPBj0t9yE57drTmYiVYtfmt0mFA0sCzA@mail.gmail.com>
Message-ID: <506CB69C.30005@redhat.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/03/2012 02:16 PM, Sven Vermeulen wrote:

I have no problem going to xdg.  We have very few domains that transition out
of unconfined_t.  The problem with this is what I often want to provide some
protection for the bulk of users who run with unconfined_t.  Currently we try
to add protection to chrome/firefox plugins and thumb_t.  Most of the rest are
either historic, to keep labeling correct.  Or probably not needed.

For Fedora 19 I will make an effort to remove as many as possible.

sesearch -T -s unconfined_t -c process -C | grep -v initrc_t  | wc -l
38

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iEYEARECAAYFAlBstpwACgkQrlYvE4MpobPs6ACeNQaEpa5S1nLuzGRLqXkuSaeZ
yzMAoLW6N/YwIOQRND09SLwy4iuhl/i9
=lsj4
-----END PGP SIGNATURE-----