Re: what do we do with user_home_t, and what more could we do with it?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 2013-10-30 at 11:53 -0400, Daniel J Walsh wrote:

> Well in this case I would like to potentially run these container/apps with
> Types like firefox_t and ooffice_t, but more generically with app_t where
> app_t is not allowed to touch user_home_t.
> 
> But we are going far a field of this email chain, and we can revisit this when
> we actually have applications containers.
> 
> 

Sure, we will see, and yes i guess containers in Gnome are inevitable
anyways (what about other DE's). I think, but you probably already know
that, that we should not try to prevent access to the generic user home
content type user_home_t, but instead classify everything that is not
generic.

Anyways the difference is that i have integrity enforcement on the
desktop currently implemented (albeit somewhat limited), and what you
are suggesting is something that might work in a distant future.

</thread>

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux





[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux