From: sven.vermeulen@siphos.be (Sven Vermeulen) Date: Mon, 15 Oct 2012 11:43:23 +0200 Subject: [refpolicy] [PATCH] Label ~/\.adobe(/.*)? as mozilla_home_t for flash In-Reply-To: <1350247483.9829.19.camel@d30.localdomain> References: <1350244316-11712-1-git-send-email-debian@mikapflueger.de> <1350245855.9829.8.camel@d30.localdomain> <1350246825.9829.11.camel@d30.localdomain> <1350247483.9829.19.camel@d30.localdomain> Message-ID: To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com In gentoo i am using flash_home_t as there are even non-browser apps using flash. And i don't trust flash. On Oct 14, 2012 10:44 PM, "Dominick Grift" wrote: > > > On Sun, 2012-10-14 at 22:33 +0200, Dominick Grift wrote: > > > > On Sun, 2012-10-14 at 22:17 +0200, Dominick Grift wrote: > > > I actually revisited the mozilla plugin and i am thinking about how to > > > deal with plugins like flash and their userdom user home content. > > > > > > I am not yet sure if mozilla_home_t is the optimal type for this and if > > > it is worth having a private type for it > > > > > > mozilla home type of files are sensitive in a sense. consider your > > > password stored in mozilla etc. > > > > > > i am not sure whether flash home content justifies having a private > type > > > and if so if it is a good idea to label it mozilla home t > > > > > > if we label it mozilla home t and some app needs access to flash then > it > > > automatically has access to mozilla content and i am not sure if this > is > > > desired > > > > > > We now have the named file transition functionality so we can allow > > > mozila access to generic user home content without problem and still > > > have its sensitive content protected with the mozilla home type > > > > > > I would like the opinion of others on this issue > > > > > > it is worth to label flash content in home? and if so what would be a > > > better idea: 1. to classify it mozilla home content or classify it > > > something else? > > > > also consider the following one has two browsers for example firefox and > > chromium, both use flash and both have their content in home with their > > own private type > > > > the flash content in home is labeled as per your suggestion > > mozilla_home_t, now chromium needs access to mozilla_home_t and as a > > consequence can now also edit mozilla content > > > > this seems like a bad idea to me > > What people need to understand is that now that we have named file > transitions the whole selinux in the desktop enviroment issue has > changed > > Previously we desperately tried to avoid confined user agents to generic > home content. This was because we had little fexibility with file type > transitions in /home > > This caused issues that basically made us lose focus in the core issues > > protect what needs to be protected without losing functionality if > possible > > Now we need to go back to focus on what is important. > > A browser can have access and create generic user content. Thats ok. > Aslong as content worth protecting gets a private type. > > And aslong as confined agents only get the access they need > > And that is now possible. > > now we can confine the user space in a proper way without pissing of > users (or at least pissing them off more than strictly required) > > protect what makes sense to protect and leave anything else generic > > > > On Sun, 2012-10-14 at 21:51 +0200, Mika Pfl?ger wrote: > > > > From: Russel Coker > > > > > > > > --- > > > > mozilla.fc | 1 + > > > > 1 file changed, 1 insertion(+) > > > > > > > > diff --git a/mozilla.fc b/mozilla.fc > > > > index 3a73e74..271928b 100644 > > > > --- a/mozilla.fc > > > > +++ b/mozilla.fc > > > > @@ -1,3 +1,4 @@ > > > > +HOME_DIR/\.adobe(/.*)? > gen_context(system_u:object_r:mozilla_home_t,s0) > > > > HOME_DIR/\.config/chromium(/.*)? > gen_context(system_u:object_r:mozilla_home_t,s0) > > > > HOME_DIR/\.galeon(/.*)? > gen_context(system_u:object_r:mozilla_home_t,s0) > > > > HOME_DIR/\.java(/.*)? > gen_context(system_u:object_r:mozilla_home_t,s0) > > > > > > > > > > > > > _______________________________________________ > refpolicy mailing list > refpolicy at oss.tresys.com > http://oss.tresys.com/mailman/listinfo/refpolicy > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://oss.tresys.com/pipermail/refpolicy/attachments/20121015/ee5fe2ef/attachment.html