From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Fri, 30 Nov 2012 09:35:21 -0500
Subject: [refpolicy] [PATCH 3/3] Implement X Desktop Group
In-Reply-To: <1354198592.20999.5.camel@localhost>
References: <1352116515-21046-1-git-send-email-dominick.grift@gmail.com> <1352116515-21046-4-git-send-email-dominick.grift@gmail.com> <1354194543.20999.3.camel@localhost> <50B76876.3010305@tresys.com> <1354198592.20999.5.camel@localhost>
Message-ID: <50B8C429.3090901@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 11/29/12 09:16, grift wrote:
> On Thu, 2012-11-29 at 08:51 -0500, Christopher J. PeBenito wrote:
>> On 11/29/12 08:09, grift wrote:
>>> Are we ready to make a decision yet with regard to the two outstanding
>>> issues?
>>>
>>> - best type names? (my preference user_data_home_t, user_config_home_t,
>>> user_cache_home_t)
>>
>> replace user with xdg, e.g. xdg_config_home_t.
>>
>>> - should we label ~/.local/share with the xdg data home type or ~/.local
>>> (my preference ~/.local/share)
>>>
>>> But I will go with whatever in the end
>>
>> Here's another option to consider:
>>
>> $HOME/.local -d gen_context(system_u:object_r:xdg_local_home_t,s0)
>> $HOME/.local/share(/.*)? gen_context(system_u:object_r:xdg_data_home_t,s0)
>>
>> and then treat xdg_local_home_t similar to user_home_dir_t and filetrans everything under it. Then the named filetrans for ~/.local/share will work right on top of any of the other random dirs that pop up under there.
>
> I understand your reasoning but I am not confident about the type name
> "xdg_local_home_t" and I am also not confident that this type should be
> declared in the xserver policy module
>
> how about we use local_home_t and declare it in the userdomain module?

I'm unclear why you disagree. It seems to make sense that

1. this standard is defined by the X desktop group, so xdg doesn't seem so bad to have in the type name.
2. I don't think it makes sense in userdomain because this standard applies to X desktops, so if you don't have an xserver, there's no need for these definitions.

--
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com