[refpolicy] kdialog and Chromium
dominick.grift at gmail.com
Tue Jul 31 17:59:47 CDT 2012
On Tue, 2012-07-31 at 21:28 +0200, Sven Vermeulen wrote:
> On Tue, Jul 31, 2012 at 03:22:51PM -0400, Christopher J. PeBenito wrote:
> > > I'm actually more inclined (and am trying to) support a downloads type where
> > > browsers have the necessary rights to, but nowhere else. Browsers are a too
> > > public attack vector lately so the less I need it to write (or even read)
> > > user home content the better.
> > I can go for that solution too... like a mozilla_downloads_t, user_downloads_t, or similar.
> I'm currently looking at the XDG patch I mentioned a while back. The XDG
> standard defines some user-related locations (Downloads, Videos, Pictures)
> which I currently have labeled xdg_downloads_home_t (etc.) and marked as
> customizable (btw, took me a while to realise it is sufficient to just add
> "# customizable" after the type declaration to do so) so that users can mark
> it easily themselves.
> My XDG definitions:
> ~$ cat ~/.config/user-dirs.dirs
> Hence, xdg_downloads_home_t, xdg_videos_home_t, xdg_pictures_home_t and
> xdg_music_home_t. Don't immediately see a need for the other ones though.
This is generic user content we have a type for that: user_home_t.
We just need to confine all user application config, data and cache
content, or at least as much as possible.
browsers (and many other user agents) need to be able to read/write
generic user content. They dont need access to config, data or cache
content of programs they dont have business with.
> Sven Vermeulen
> refpolicy mailing list
> refpolicy at oss.tresys.com
More information about the refpolicy