Re: [PATCH v2 0/3] Add support for extracting modules

On Fri, Aug 07, 2015 at 09:37:06AM -0400, Joshua Brindle wrote:
> 
> There is definitely an integrity violation with having such a privileged
> program read from user directories but I suppose that ship has sailed.
> 

Generic user content, to me, is meant to be the shareable and widely accessible user content (compared to private user content types), and if anything in home or /tmp is shareable/accessible, it should be them.

When protecting the user content, things that shouldn't be shareable or widely accessible should get a private user content type.

In my personal policy, I don't make a fuss about stuff managing generic user content (if they need it, of course). However, I do make it a point to give any sensitive user content a private type.

Selinux mailing list