On Tue, 2005-03-29 at 08:54 -0500, Stephen Smalley wrote:
> On Tue, 2005-03-29 at 12:33 +0100, Dale Amon wrote:
> > I will run screaming if someone imports the registry
> > concept into Unix.
>
> Better start running then. gconf is already being used as a registry,
> and there is a linux registry aka elektra project as well.

People very often confuse "the registry concept" with a specific implementation which they may have had a bad experience with in the past or have heard rumors of other people having a bad experience with.

Having some sort of sane mechanism for locating, managing, and monitoring preferences is pretty critical to writing desktop applications. For example, one thing that GConf provides is notification of preference changes. This is a fundamental basis for a lot of how GNOME's "instant-apply" feature works, e.g. if you change the theme all apps automatically update. Doing this kind of thing with "text files" or whatever is going to be hackish at best.

To bring this discussion somewhat back on topic, Luke is right in that in order to write a strong SELinux policy for desktop applications, we really need to have fine-grained separation between user data (i.e. OpenOffice documents), user preferences, highly sensitive data such as GPG keys, and random other junk that apps dump in $HOME like error logs.

Also relating to the registry: Once we finish D-BUS, the plan is to make GConf be a userspace object manager; for example, to allow Mozilla the ability to read but not write the "http proxy" GConf key, or to disallow it from reading the WEP keys that NetworkManager currently stores there (which is wrong, but...). Having fine-grained labeling on preference keys is much nicer than granting user_mozilla_t access to user_home_t, which grants kind of unconstrained read access to everything, and is better than trying to maintain a text file per key in some hypothetical "text file registry" just so that we can have individual labels on them.
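As an added illustration (not code from the message above, and not GConf's or libselinux's own code), here is a constructed Python sketch of what a userspace object manager over labelled preference keys could look like: every key gets a type from a file_contexts-style pattern table where the last matching pattern wins, and every read or write goes through an allow-rule lookup on (subject type, key type, permission), with denials recorded in an AVC-style audit line. All key paths, type names, the allow rules and the `gconf_key` object class are hypothetical, chosen only to mirror the "Mozilla may read but not write the proxy key, and may not read the WEP key" example in the message.

```python
"""
Toy userspace object manager for a labelled preference-key namespace.

Constructed example: key paths, type names, allow rules and the
'gconf_key' class are all hypothetical. Contexts are reduced to the
type field; a real object manager would carry user:role:type strings
and ask the kernel policy via libselinux rather than a local table.
"""
import re
from typing import Dict, List, Set, Tuple

# File-contexts-style labelling table for key paths (constructed).
# Patterns are anchored with re.fullmatch; as with SELinux
# file_contexts, the LAST matching entry wins, so specific entries
# are listed after the catch-all.
KEY_CONTEXTS: List[Tuple[str, str]] = [
    (r"/.*",                                    "user_gconf_t"),
    (r"/apps/mozilla(/.*)?",                    "user_mozilla_gconf_t"),
    (r"/system/http_proxy(/.*)?",               "user_gconf_proxy_t"),
    (r"/system/networking/wireless/.*/wep_key", "user_gconf_netsecret_t"),
]

# Allow rules, mirroring "allow SUBJECT OBJECT : gconf_key { perms };"
# (constructed). Note what is absent: no rule lets user_mozilla_t
# touch user_gconf_netsecret_t at all, and it gets only 'read' on the
# proxy key.
ALLOW: Dict[Tuple[str, str], Set[str]] = {
    ("user_mozilla_t",        "user_gconf_t"):           {"read"},
    ("user_mozilla_t",        "user_mozilla_gconf_t"):   {"read", "write"},
    ("user_mozilla_t",        "user_gconf_proxy_t"):     {"read"},
    ("user_networkmanager_t", "user_gconf_netsecret_t"): {"read", "write"},
    ("user_gnome_settings_t", "user_gconf_t"):           {"read", "write"},
    ("user_gnome_settings_t", "user_gconf_proxy_t"):     {"read", "write"},
}

TCLASS = "gconf_key"  # hypothetical object class for preference keys


def label_key(key: str) -> str:
    """Return the type of a key; the last matching pattern wins."""
    label = None
    for pattern, ctx in KEY_CONTEXTS:
        if re.fullmatch(pattern, key):
            label = ctx
    if label is None:
        raise KeyError(f"no context for key {key!r}")
    return label


def check_access(scontext: str, key: str, perm: str) -> bool:
    """AVC-style query: is PERM on KEY's type allowed for SCONTEXT?"""
    return perm in ALLOW.get((scontext, label_key(key)), set())


class PrefStore:
    """Preference store that enforces the policy on every access."""

    def __init__(self) -> None:
        self._values: Dict[str, str] = {}
        self.audit: List[str] = []  # denial records, AVC-like format

    def _enforce(self, scontext: str, key: str, perm: str) -> None:
        if check_access(scontext, key, perm):
            return
        line = (f'avc: denied {{ {perm} }} for key="{key}" '
                f"scontext={scontext} tcontext={label_key(key)} "
                f"tclass={TCLASS}")
        self.audit.append(line)
        raise PermissionError(line)

    def get(self, scontext: str, key: str) -> str:
        self._enforce(scontext, key, "read")
        return self._values[key]

    def set(self, scontext: str, key: str, value: str) -> None:
        self._enforce(scontext, key, "write")
        self._values[key] = value


if __name__ == "__main__":
    store = PrefStore()
    store.set("user_gnome_settings_t", "/system/http_proxy/host", "proxy.internal")
    store.set("user_networkmanager_t",
              "/system/networking/wireless/home/wep_key", "0123456789")
    print(store.get("user_mozilla_t", "/system/http_proxy/host"))
    for key, perm in (("/system/http_proxy/host", "write"),
                      ("/system/networking/wireless/home/wep_key", "read")):
        try:
            store._enforce("user_mozilla_t", key, perm)
        except PermissionError as e:
            print(e)
```

The point the table-driven check makes is the one in the message: because the proxy key and the WEP key carry different types, Mozilla can be granted read on one and nothing on the other without any per-file juggling. In a real object manager the decision in `check_access` would be obtained from the loaded policy through libselinux (`avc_has_perm` or `selinux_check_access`) instead of a local dictionary, and the denial lines would go to the audit subsystem rather than a list.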