Desktop apps interoperability
Stephen Smalley
sds at tycho.nsa.gov
Mon Mar 28 13:43:39 UTC 2005
On Sun, 2005-03-27 at 23:57 -0500, Ivan Gyurdiev wrote:
> Fundamentally, what I want to know is:
>
> 1) Do desktop apps need to be confined? Is it a good idea to confine
> them?
Yes.
> 2) If so, a shared data type is needed for interoperability.
> Is ROLE_home_t acceptable for that purpose.
A shared data type may be fine, but ROLE_home_t isn't what you want to
use. And yes, separating settings from data is useful, and yes,
littering user's top-level home directories with application settings
considered harmful.
--
Stephen Smalley <sds at tycho.nsa.gov>
National Security Agency
More information about the fedora-selinux-list
mailing list