From: dominick.grift@gmail.com (Dominick Grift) Date: Sun, 14 Oct 2012 22:44:43 +0200 Subject: [refpolicy] [PATCH] Label ~/\.adobe(/.*)? as mozilla_home_t for flash In-Reply-To: <1350246825.9829.11.camel@d30.localdomain> References: <1350244316-11712-1-git-send-email-debian@mikapflueger.de> <1350245855.9829.8.camel@d30.localdomain> <1350246825.9829.11.camel@d30.localdomain> Message-ID: <1350247483.9829.19.camel@d30.localdomain> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Sun, 2012-10-14 at 22:33 +0200, Dominick Grift wrote: > > On Sun, 2012-10-14 at 22:17 +0200, Dominick Grift wrote: > > I actually revisited the mozilla plugin and i am thinking about how to > > deal with plugins like flash and their userdom user home content. > > > > I am not yet sure if mozilla_home_t is the optimal type for this and if > > it is worth having a private type for it > > > > mozilla home type of files are sensitive in a sense. consider your > > password stored in mozilla etc. > > > > i am not sure whether flash home content justifies having a private type > > and if so if it is a good idea to label it mozilla home t > > > > if we label it mozilla home t and some app needs access to flash then it > > automatically has access to mozilla content and i am not sure if this is > > desired > > > > We now have the named file transition functionality so we can allow > > mozila access to generic user home content without problem and still > > have its sensitive content protected with the mozilla home type > > > > I would like the opinion of others on this issue > > > > it is worth to label flash content in home? and if so what would be a > > better idea: 1. to classify it mozilla home content or classify it > > something else? > > also consider the following one has two browsers for example firefox and > chromium, both use flash and both have their content in home with their > own private type > > the flash content in home is labeled as per your suggestion > mozilla_home_t, now chromium needs access to mozilla_home_t and as a > consequence can now also edit mozilla content > > this seems like a bad idea to me What people need to understand is that now that we have named file transitions the whole selinux in the desktop enviroment issue has changed Previously we desperately tried to avoid confined user agents to generic home content. This was because we had little fexibility with file type transitions in /home This caused issues that basically made us lose focus in the core issues protect what needs to be protected without losing functionality if possible Now we need to go back to focus on what is important. A browser can have access and create generic user content. Thats ok. Aslong as content worth protecting gets a private type. And aslong as confined agents only get the access they need And that is now possible. now we can confine the user space in a proper way without pissing of users (or at least pissing them off more than strictly required) protect what makes sense to protect and leave anything else generic > > On Sun, 2012-10-14 at 21:51 +0200, Mika Pfl?ger wrote: > > > From: Russel Coker > > > > > > --- > > > mozilla.fc | 1 + > > > 1 file changed, 1 insertion(+) > > > > > > diff --git a/mozilla.fc b/mozilla.fc > > > index 3a73e74..271928b 100644 > > > --- a/mozilla.fc > > > +++ b/mozilla.fc > > > @@ -1,3 +1,4 @@ > > > +HOME_DIR/\.adobe(/.*)? gen_context(system_u:object_r:mozilla_home_t,s0) > > > HOME_DIR/\.config/chromium(/.*)? gen_context(system_u:object_r:mozilla_home_t,s0) > > > HOME_DIR/\.galeon(/.*)? gen_context(system_u:object_r:mozilla_home_t,s0) > > > HOME_DIR/\.java(/.*)? gen_context(system_u:object_r:mozilla_home_t,s0) > > > > > >