[refpolicy] [PATCH/RFC] Add support for the skype_t domain
Sven Vermeulen
sven.vermeulen at siphos.be
Wed Aug 3 08:42:56 CDT 2011
On Fri, Jul 29, 2011 at 08:59:33AM -0400, Christopher J. PeBenito wrote:
> On 07/24/11 11:38, Sven Vermeulen wrote:
> > The skype application is a popular voice and video chat application.
> > This patch adds preliminary support for skype on SELinux.
[...]
> > +userdom_manage_user_home_content_dirs(skype_t)
> > +userdom_manage_user_home_content_files(skype_t)
>
> Is this really necessary since there is skype_home_t?
Depends on the use case, but Skype can be used to send and receive files, so
skype_t needs to be able to manage the users' home directory content.
Not that I'm happy with that, but it seems to be how most applications
handle this. I personally prefer a specific type for interacting with the
"outside" world (user_download_t or so) and have the apps be able to manage
that type rather than user_home_t. But that does make it more difficult to
explain to users (not really userfriendly).
Thanks for the feedback (also on the other RFC mail)!
Wkr,
Sven Vermeulen
More information about the refpolicy
mailing list