From: dac.override@gmail.com (Dominick Grift) Date: Tue, 29 Nov 2016 12:51:01 +0100 Subject: [refpolicy] [PATCH] Apache OpenOffice module In-Reply-To: References: <1480113700.5692.4.camel@trentalancia.net> Message-ID: To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 11/29/2016 02:48 AM, Chris PeBenito wrote: > On 11/26/16 08:53, Dominick Grift via refpolicy wrote: >> On 11/25/2016 11:41 PM, Guido Trentalancia via refpolicy wrote: >>> This is a minimal patch that I am testing to support Apache OpenOffice >>> with its own module. >>> >>> The file contexts (and initial tests) are based on the default >>> installation path for version 4 of the office suite. >>> >>> Signed-off-by: Guido Trentalancia >>> --- > [...] >> >> I am personally of the opinion that this module probably will not cut it >> in the end. Basically because it's too limited, especially considering >> that it uses dbus. > > I'm unclear what the purpose of this policy is. Users aren't going to > expect this kind of limitation. They should be able to edit whatever > their user domain has access to, i.e. the same reason vim doesn't have a > policy. > vim is a text editor. open/libre office is a office suite. I do not believe that anyone expects the latter to be able to manage config, data and cache files. If you want to enforce some integrity on the desktop then you have to draw the line somewhere sometimes. I suppose that is what enforcing integrity is all about after all... -- Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02 https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02 Dominick Grift -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 648 bytes Desc: OpenPGP digital signature Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20161129/07bf8234/attachment.bin