On Sun, 2005-03-27 at 23:57 -0500, Ivan Gyurdiev wrote:
> Fundamentally, what I want to know is:
>
> 1) Do desktop apps need to be confined? Is it a good idea to confine
> them?

Yes.

> 2) If so, a shared data type is needed for interoperability.
> Is ROLE_home_t acceptable for that purpose.

A shared data type may be fine, but ROLE_home_t isn't what you want to
use. And yes, separating settings from data is useful, and yes,
littering user's top-level home directories with application settings
considered harmful.

--
Stephen Smalley <sds@xxxxxxxxxxxxx>
National Security Agency