From: cgzones@googlemail.com (cgzones)
Date: Fri, 30 Dec 2016 17:07:32 +0100
Subject: [refpolicy] [PATCH v3] xserver: restrict executable memory permissions
In-Reply-To: <5E73ADF9-BB01-429C-A1EC-9C33CDEC589C@trentalancia.net>
References: <1482945627.7302.8.camel@trentalancia.net> <1482954976.2738.9.camel@trentalancia.net> <1483058219.31174.0.camel@trentalancia.net> <5E73ADF9-BB01-429C-A1EC-9C33CDEC589C@trentalancia.net>
Message-ID:
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Hi,

2016-12-30 2:42 GMT+01:00 Guido Trentalancia via refpolicy :
> Hello again.
>
> I have double-checked and the difference between /usr/share and /var/lib is between architecture-independent and single-machine data, not between read-only and writable.

Quoting FHS 3.0:

/usr/share
"The /usr/share hierarchy is for all read-only architecture independent data files."
(http://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch04s11.html)

/var/lib
"This hierarchy holds state information pertaining to an application or the system. State information is data that programs modify while they run, and that pertains to one specific host."
(http://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch05s08.html)

> I hope it helps.
>
> Regards,
>
> Guido
>

Btw, I am not against this patch, just wanted to make sure this specific change was intentional and note that it's a bit unhandsome.

Kindly Regards,
Christian Göttsche