How about New Directory Structure (added to /skel, or whatever) ~/content - ROLE_content_t ~/content/desktop - ??? ~/content/downloads - ROLE_untrusted_content_t ~/content/media - ROLE_media_content_t ~/content/documents - ROLE_documents_content_t ~/content/mail - ROLE_mail_content_t ~/content/export_web - ROLE_httpd_user_content_t ~/content/export_samba - ROLE_samba_share_t ~/content/export_p2p - ROLE_p2p_share_t Desktop apps will be restricted to only access the appropriate one. "Downloading" apps will be restricted to download to untrusted_content_t. Now...how to move things to/from ~/content/downloads in a nice user-friendly way? What context for desktop? What role will the desktop play? -- Ivan Gyurdiev <ivg2@xxxxxxxxxxx> Cornell University
