[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Desktop apps interoperability

To: Ivan Gyurdiev <ivg2@xxxxxxxxxxx>, "Fedora SELinux support list for users & developers." <fedora-selinux-list@xxxxxxxxxx>
Subject: Re: Desktop apps interoperability
From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Date: Mon, 28 Mar 2005 08:43:39 -0500
Cc: selinux@xxxxxxxxxxxxx
In-reply-to: <1111985855.1514.70.camel@xxxxxxxxxxxxxx>
Organization: National Security Agency
References: <1111985855.1514.70.camel@xxxxxxxxxxxxxx>
Sender: owner-selinux@xxxxxxxxxxxxx

On Sun, 2005-03-27 at 23:57 -0500, Ivan Gyurdiev wrote:
> Fundamentally, what I want to know is:
> 
> 1) Do desktop apps need to be confined? Is it a good idea to confine
> them?

Yes.

> 2) If so, a shared data type is needed for interoperability. 
> Is ROLE_home_t acceptable for that purpose.

A shared data type may be fine, but ROLE_home_t isn't what you want to
use.  And yes, separating settings from data is useful, and yes,
littering user's top-level home directories with application settings
considered harmful. 

-- 
Stephen Smalley <sds@xxxxxxxxxxxxx>
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.

References:
- Desktop apps interoperability
  - From: Ivan Gyurdiev

Prev by Date: Re: Desktop apps interoperability
Next by Date: Re: Desktop apps interoperability
Previous by thread: Re: Desktop apps interoperability
Next by thread: Re: Desktop apps interoperability
Index(es):
- Date
- Thread

This mailing list archive is a service of Copilot Consulting.