From: pebenito@ieee.org (Chris PeBenito) Date: Sun, 28 Aug 2016 14:40:39 -0400 Subject: [refpolicy] [PATCH v4] Update for the gnome policy and file contexts In-Reply-To: <7EAFAD82-CDDA-47E3-950E-4D5610686C6C@trentalancia.net> References: <1471099545.21480.27.camel@trentalancia.net> <1471296811.28802.0.camel@trentalancia.net> <1471704772.17584.9.camel@trentalancia.net> <1471894798.19333.1.camel@trentalancia.net> <1471956294.17467.4.camel@trentalancia.net> <1472075733.19800.4.camel@trentalancia.net> <1472317696.28955.1.camel@trentalancia.net> <1472318213.31962.2.camel@trentalancia.net> <1472330498.25935.7.camel@trentalancia.net> <1472334513.25935.16.camel@trentalancia.net> <6b1697f1-2aaf-3727-5b69-8794a0f85530@gmail.com> <7EAFAD82-CDDA-47E3-950E-4D5610686C6C@trentalancia.net> Message-ID: To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 08/28/16 11:37, Guido Trentalancia via refpolicy wrote: > Things are very far from working naturally as they are. > > On the other hand, the patches are surely far from being complete or stable yet, but at least every version allows to start the Gnome desktop. > > Now I met this major problem, it looks by all means a limitation of the existing framework, but I am sure that it will be sorted out... > > I am also waiting to hear from Christopher about this. The way I see it is that general purpose desktops are incredibly complicated and are not designed with security in mind. I wonder if the policy complexity needed to confine it all actually buys a proportional amount of security gains. I'm not saying it shouldn't be done, but I am skeptical that it is worth it. -- Chris PeBenito