[RFC] rbacsep: eliminate untrusted content types

There is a set of types for each role, *_untrusted_content_t and
*_untrusted_content_tmp_t which was from before refpolicy.  The original
premise for their use was so that low integrity data coming out of
network applications would be written out with these types, and then the
role would have to upgrade it before using it.  However, the policy is
kinda half-baked as mozilla, thunderbird, and evolution domains are the
only ones that can even create files with these types, and only if a
boolean is enabled.  I don't think that anyone uses these types.  Both
Dan and myself would like to eliminate these types; are there any
objections?

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150

