From: guido@trentalancia.net (Guido Trentalancia) Date: Sun, 28 Aug 2016 21:11:25 +0200 Subject: [refpolicy] [PATCH v4] Update for the gnome policy and file contexts In-Reply-To: References: <1471099545.21480.27.camel@trentalancia.net> <1471296811.28802.0.camel@trentalancia.net> <1471704772.17584.9.camel@trentalancia.net> <1471894798.19333.1.camel@trentalancia.net> <1471956294.17467.4.camel@trentalancia.net> <1472075733.19800.4.camel@trentalancia.net> <1472317696.28955.1.camel@trentalancia.net> <1472318213.31962.2.camel@trentalancia.net> <1472330498.25935.7.camel@trentalancia.net> <1472334513.25935.16.camel@trentalancia.net> <6b1697f1-2aaf-3727-5b69-8794a0f85530@gmail.com> <7EAFAD82-CDDA-47E3-950E-4D5610686C6C@trentalancia.net> Message-ID: <7783C1B7-8D70-47A6-B090-36C621CC639E@trentalancia.net> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com Hello Christopher! I think it's definitely worth in terms of security confining the Gnome desktop (as well as the other applications) properly. The user domain is the most common vulnerable point, so it should have the most limited number of permissions possibile. By confining the desktop properly we get great security gains exactly in that direction. Any insight on the problem that I encountered? I couldn't get things working in the dbus module with the variable $1_dbusd_t type, so I am now moving to testing with a static type instead. Best regards, Guido On the 28th of August 2016 20:40:39 CEST, Chris PeBenito wrote: >On 08/28/16 11:37, Guido Trentalancia via refpolicy wrote: >> Things are very far from working naturally as they are. >> >> On the other hand, the patches are surely far from being complete or >stable yet, but at least every version allows to start the Gnome >desktop. >> >> Now I met this major problem, it looks by all means a limitation of >the existing framework, but I am sure that it will be sorted out... >> >> I am also waiting to hear from Christopher about this. > >The way I see it is that general purpose desktops are incredibly >complicated and are not designed with security in mind. I wonder if >the >policy complexity needed to confine it all actually buys a proportional > >amount of security gains. I'm not saying it shouldn't be done, but I >am >skeptical that it is worth it.