On Jan 3, 2017 8:00 AM, "Ralf Corsepius" <rc040203@xxxxxxxxxx> wrote:
> On 01/03/2017 01:33 PM, Dominik 'Rathann' Mierzejewski wrote:
>> On Tuesday, 03 January 2017 at 13:18, Ralf Corsepius wrote:
>>> On 01/03/2017 11:53 AM, Martin Gansser wrote:
>>>> I am the package maintainer of boomaga and users told me that
>>>> there is a problem with access rights, when writing to ~/.cache
>>>> directory.
>>>> A selinux package already exists for testing in: https://martinkg.fedorapeople.org/Review/test/boomaga/
>>>> And a bugzilla bug report also exists: https://bugzilla.redhat.com/show_bug.cgi?id=1409115
>>>> Bug report on the boomaga developer site: https://github.com/Boomaga/boomaga/issues/43
>>>> Can someone help to write the correct selinux rules?
>>>
>>> Well, rpms are not supposed to touch anything below $HOME at all.
>>> I.e. $HOME rsp. ~/ is out of rpm's (and SELinux's) business
>>
>> While the above is correct for rpm, SELinux does have business in
>> protecting $HOME. Just run ls -lZ in your home directory and see
>> for yourself. For example, ~/public_html has httpd_user_content_t
>> context, ~/bin has home_bin_t, ~/.config has config_home_t, etc.
>
> Jikes, what a messy design!
>
> People seem to have forgotten that homes are completely out of a distro's control. They are not guaranteed to be on a local filesystem or on an SELinux-enabled filesystem and are not standardized by any standard ....

Not really, there are standards and conventions for how apps store user-specific settings inside the user's home directory. It's not even distro-specific.

With respect to non-SELinux-enabled filesystems, they are not affected by these policies. But if the filesystem is SELinux-enabled then having the distro-specific policy is important.
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx