On Mon, 09 May 2005 16:57:06 -0400, Ivan Gyurdiev wrote: > The untrusted_content part of this is a proposal for a type to be used > to mark things downloaded from the Internet that cannot be trusted > (hence..untrusted). The idea is that various web browsers, p2p clients, > etc. will use this type to store content. OK. What problem are we trying to solve here, exactly: that users want to run programs they download in some kind of quarantine zone? Or is the idea that actual data files may be problematic and need to be kept from other programs? I can't see any system that requires freeing data files being successful, people download way too many, but programs maybe ... It seems that the most common type of program to download and run is an installer or package. Right now they [usually] need root to work, but figuring out exactly what privs an installer or package really needs would probably be a good idea. Can you give some use cases where this sort of untrusted content type prevents Bob from damaging or accidentally subverting his system? thanks -mike -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-selinux-list
