[refpolicy] kdialog and Chromium

Sven Vermeulen sven.vermeulen at siphos.be
Tue Jul 31 14:28:49 CDT 2012


On Tue, Jul 31, 2012 at 03:22:51PM -0400, Christopher J. PeBenito wrote:
> > I'm actually more inclined to (and am trying to) support a downloads type to
> > which browsers have the necessary rights, but nowhere else. Browsers are too
> > public an attack vector lately, so the less I need it to write (or even read)
> > user home content the better.
> 
> I can go for that solution too... like a mozilla_downloads_t, user_downloads_t, or similar.

I'm currently looking at the XDG patch I mentioned a while back. The XDG
standard defines some user-related locations (Downloads, Videos, Pictures)
which I currently have labeled xdg_downloads_home_t (etc.) and marked as
customizable (btw, took me a while to realise it is sufficient to just add 
"# customizable" after the type declaration to do so) so that users can mark
it easily themselves.

My XDG definitions:

~$ cat ~/.config/user-dirs.dirs 
XDG_DESKTOP_DIR="$HOME/Desktop"
XDG_DOWNLOAD_DIR="$HOME/Downloads"
XDG_TEMPLATES_DIR="$HOME/"
XDG_PUBLICSHARE_DIR="$HOME/Public"
XDG_DOCUMENTS_DIR="$HOME/Documents"
XDG_MUSIC_DIR="$HOME/Music"
XDG_PICTURES_DIR="$HOME/Pictures"
XDG_VIDEOS_DIR="$HOME/Videos"

Hence, xdg_downloads_home_t, xdg_videos_home_t, xdg_pictures_home_t and
xdg_music_home_t. Don't immediately see a need for the other ones though.

Wkr,
	Sven Vermeulen
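
Added example, not part of the original message or of refpolicy: a shell sketch that reads a user-dirs.dirs file and prints semanage commands assigning the four types named above. It assumes those types exist in the loaded policy; the function names and /home/user are constructed for illustration.

```shell
# Added example: print (do not run) semanage commands for the XDG dirs
# discussed above. That the types exist in the policy is an assumption.

# Constructed sample input: the user-dirs.dirs shown in the message.
sample_user_dirs() {
    cat <<'EOF'
XDG_DESKTOP_DIR="$HOME/Desktop"
XDG_DOWNLOAD_DIR="$HOME/Downloads"
XDG_TEMPLATES_DIR="$HOME/"
XDG_PUBLICSHARE_DIR="$HOME/Public"
XDG_DOCUMENTS_DIR="$HOME/Documents"
XDG_MUSIC_DIR="$HOME/Music"
XDG_PICTURES_DIR="$HOME/Pictures"
XDG_VIDEOS_DIR="$HOME/Videos"
EOF
}

# Map an XDG key to its proposed type; no output means "leave unlabeled".
xdg_type_for() {
    case "$1" in
        XDG_DOWNLOAD_DIR) echo xdg_downloads_home_t ;;
        XDG_VIDEOS_DIR)   echo xdg_videos_home_t ;;
        XDG_PICTURES_DIR) echo xdg_pictures_home_t ;;
        XDG_MUSIC_DIR)    echo xdg_music_home_t ;;
    esac
}

# Read user-dirs.dirs on stdin; $1 is the home directory replacing $HOME.
xdg_fcontext_cmds() {
    home=${1%/}
    while IFS='=' read -r key val || [ -n "$key" ]; do
        setype=$(xdg_type_for "$key")
        if [ -z "$setype" ]; then continue; fi
        val=${val#\"}; val=${val%\"}              # strip surrounding quotes
        case "$val" in
            '$HOME'/*) path="$home/${val#\$HOME/}" ;;
            /*)        path=$val ;;
            *)         continue ;;                # only $HOME/... or absolute
        esac
        path=${path%/}
        # "$HOME/" disables a directory: never relabel the home dir itself.
        if [ "$path" = "$home" ]; then continue; fi
        # The path is used as a regex; it is assumed to hold no metacharacters.
        printf 'semanage fcontext -a -t %s "%s(/.*)?"\n' "$setype" "$path"
    done
}

sample_user_dirs | xdg_fcontext_cmds /home/user   # /home/user is constructed
```

After reviewing and running the printed commands, `restorecon -R` on each directory applies the new labels to existing files.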

