From: cgzones@googlemail.com (cgzones)
Date: Fri, 30 Dec 2016 17:07:32 +0100
Subject: [refpolicy] [PATCH v3] xserver: restrict executable memory
	permissions
In-Reply-To: <5E73ADF9-BB01-429C-A1EC-9C33CDEC589C@trentalancia.net>
References: <1482945627.7302.8.camel@trentalancia.net>
	<1482954976.2738.9.camel@trentalancia.net>
	<1483058219.31174.0.camel@trentalancia.net>
	<CAJ2a_DdzqHvRtwjbmDyS+LCbLxtoCViR2ZFwCTv+HPiqYKYeSA@mail.gmail.com>
	<5E73ADF9-BB01-429C-A1EC-9C33CDEC589C@trentalancia.net>
Message-ID: <CAJ2a_DeObY2AYCE_iZe_UpyvvFsRoQ4B9T_e-qFp_+wfqXNF_w@mail.gmail.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Hi,

2016-12-30 2:42 GMT+01:00 Guido Trentalancia via refpolicy
<refpolicy@oss.tresys.com>:
> Hello again.
>
> I have double-checked and the difference between /usr/share and /var/lib is between architetture-independent and single-machine data, not between read-only and writable.

Quoting FHS 3.0:

/usr/share
"The /usr/share hierarchy is for all read-only architecture
independent data files."
(http://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch04s11.html)

/var/lib
"This hierarchy holds state information pertaining to an application
or the system. State information is data that programs modify while
they run, and that pertains to one specific host."
(http://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch05s08.html)

> I hope it helps.
>
> Regards,
>
> Guido
>

Btw, I am not against this patch, just wanted to make sure this
specific change was intentional and note that it's a bit unhandsome.

Kindly Regards,
     Christian G?ttsche