On Mon, Mar 28, 2005 at 12:27:31AM -0500, Ivan Gyurdiev wrote:
> Part of the problem seems to be the way Linux apps treat /home, as the
> place for everything.

It doesn't. It treats $HOME as the only place that the user has permission to store his stuff. On a well-configured system, that assumption is correct.

> Why are both app. settings and user data stored
> in /home as the default location.

Because otherwise the user couldn't add or edit them.

> Now Windows' approach of having "My Documents" and the like is starting
> to make a lot of sense (even though I absolutely hate those names).

The Linux approach, however, allows much more flexibility. If you want applications to share data, there are several ways to accomplish that goal.

Here's just a quick idea:

* add $HOME/Downloads as a directory
* give it its own type, maybe ROLE_downloads_t
* give mozilla permissions to write there, with file_type_auto_trans
* give mplayer permissions to the resulting files

voila, mplayer can now play stuff downloaded from the web, without opening up the big hole of giving it permissions to all mozilla files.

Another solution, for a more paranoid environment would be adding a virus/malware scanner domain that can read mozilla's files and write them out again (after checking and/or cleaning) as a regular ROLE_home_t file. This would ensure that any files fully accessible in the home directory have been scanned.

The point is - I may or may not want mplayer to play random stuff from the web with potentially dangerous content. If you want to, evaluate your security requirements and institute the appropriate solution.

-- 
http://web.lemuria.org/pubkey.html
pub 1024D/2D7A04F5 2002-05-16 Tom Vogt <tom@xxxxxxxxxxx>
Key fingerprint = C731 64D1 4BCF 4C20 48A4 29B2 BF01 9FA1 2D7A 04F5
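
The $HOME/Downloads scheme from the message above, as a small Python model of the type-enforcement decision. This is an added example, not part of the original message and not real SELinux policy syntax. It assumes ROLE is "user", and the domain names, the `user_mozilla_rw_t` type and the paths are hypothetical; directory-level permissions are left out to keep the model small.

```python
# Constructed model of the type-enforcement decision, not real SELinux policy syntax.
# ROLE is taken to be "user"; the domain names and the mozilla_rw type are assumptions.
ALLOW = {  # (source domain, target type) -> permitted operations
    ("user_mozilla_t", "user_mozilla_rw_t"): {"create", "read", "write"},
    ("user_mozilla_t", "user_downloads_t"): {"create", "read", "write"},
    ("user_mplayer_t", "user_downloads_t"): {"read"},
}
# (creating domain, parent directory type) -> type given to the new file.
# file_type_auto_trans pairs a rule like this with the matching allow entries.
TRANSITIONS = {
    ("user_mozilla_t", "user_home_dir_t"): "user_mozilla_rw_t",
    ("user_mozilla_t", "user_downloads_t"): "user_downloads_t",
}
DIR_TYPES = {  # labels on the directories (paths are constructed)
    "/home/alice": "user_home_dir_t",
    "/home/alice/Downloads": "user_downloads_t",
}

def allowed(domain, target_type, perm):
    """Default deny: access needs an explicit allow entry."""
    return perm in ALLOW.get((domain, target_type), set())

class LabeledFS:
    def __init__(self):
        self.labels = {}  # file path -> type

    def create(self, domain, directory, name):
        parent = DIR_TYPES[directory]
        # Without a transition rule the new file inherits the parent's type.
        new_type = TRANSITIONS.get((domain, parent), parent)
        if not allowed(domain, new_type, "create"):
            raise PermissionError(f"{domain} may not create {new_type} files")
        path = f"{directory}/{name}"
        self.labels[path] = new_type
        return path

    def can(self, domain, path, perm):
        return allowed(domain, self.labels[path], perm)

def demo():
    fs = LabeledFS()
    clip = fs.create("user_mozilla_t", "/home/alice/Downloads", "clip.ogg")
    cookies = fs.create("user_mozilla_t", "/home/alice", "cookies.txt")
    return {
        "clip_label": fs.labels[clip],
        "mplayer_reads_clip": fs.can("user_mplayer_t", clip, "read"),
        "mplayer_writes_clip": fs.can("user_mplayer_t", clip, "write"),
        "mplayer_reads_cookies": fs.can("user_mplayer_t", cookies, "read"),
    }

if __name__ == "__main__":
    print(demo())
```

The label, not the path, decides access: a file mozilla saves outside Downloads keeps mozilla's own type, so mplayer is still denied.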