On Mon, 2005-03-28 at 00:03 -0500, Ivan Gyurdiev wrote: > Okay that was an unfinished email - sorry for my stupidity - I was > editing it and changing things and clicked send by mistake. > > The problem is accurately described (in the first part of the email) and > what I was getting to - I'm trying to imagine how desktop apps can be > confined properly in the future (and right now, for that matter). How > will they interoperate and share data? > > I was thinking of a ~/downloads folder with a shared context, but > this makes sense for apps that download stuff. In the future if desktop > apps are confined (say openoffice, abiword) this becomes a more generic > problem. Part of the problem seems to be the way Linux apps treat /home, as the place for everything. Why are both app. settings and user data stored in /home as the default location. That's where the problem comes from, and that seems like a bad idea - the user doesn't care about app settings and system files - they are not to be edited directly. That's why they're hidden in the first place. Now Windows' approach of having "My Documents" and the like is starting to make a lot of sense (even though I absolutely hate those names). If app settings were kept separate, in a non-selinux environment you could export your data files w/out exporting hidden important files like your gpg keys. If app settings were kept separate, you could restorecon those settings to correct contexts. Dwalsh said restorecon skips /home today because it could accidentaly reveal out-of-place gpg keys, or because it might be really big. Both those problems would not apply if settings were in a separate place - you could just restorecon the settings. -- Ivan Gyurdiev <ivg2@xxxxxxxxxxx> Cornell University
