From: aranea@aixah.de (Luis Ressel) Date: Fri, 2 Dec 2016 02:09:15 +0100 Subject: [refpolicy] [PATCH] Apache OpenOffice module In-Reply-To: <384904fc-7486-e10f-001a-6ff58520967b@ieee.org> References: <1480113700.5692.4.camel@trentalancia.net> <848bd66a-ead2-97e3-b952-265ab5d8c903@ieee.org> <5ebcef67-c5cd-2c1d-0ed3-3b2178c1c88b@gmail.com> <384904fc-7486-e10f-001a-6ff58520967b@ieee.org> Message-ID: <20161202020915.5301a49f@gentp.lnet> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Thu, 1 Dec 2016 19:42:13 -0500 Chris PeBenito via refpolicy wrote: > This alone is what convinces me to merge it. I still think that > generic user data is still the highest priority by many magnitudes. > If I had a copy of my tax forms or health info (or pick some other > extremely personal, sensitive document) on my system, I would be FAR > angrier if that was compromised, compared to my GPG key. GPG keys > can be revoked and passwords can be changed. I agree, but I think protection of personal documents is something that everyone of us needs to implement for themselves [1], because the individual workflows and requirements differ vastly. Contrast this with things like gnupg: There it makes sense to include a common policy in refpol because everyone will have similar data layouts for gnupg stuff (everything stored in ~/.gnupg/, basically) and access this data with similar tools. I don't really care about the proposed OpenOffice policy, as I don't use office suites myself, but if it's merged, I expect many discussions about stuff like "Should MUAs be allowed to access OO documents?". [1] For example, on my systems there's a separate user account for online banking, and sensitive documents (mostly txt's and pdf's) are stored under my regular user account, but with a custom SELinux type that can only be accessed after transitioning via "newrole". Regards, Luis