Desktop apps interoperability

Tom tom at lemuria.org
Mon Mar 28 11:26:54 UTC 2005


On Mon, Mar 28, 2005 at 12:27:31AM -0500, Ivan Gyurdiev wrote:
> Part of the problem seems to be the way Linux apps treat /home, as the
> place for everything. 

It doesn't. It treats $HOME as the only place that the user has
permission to store his stuff. On a well-configured system, that
assumption is correct.


> Why are both app. settings and user data stored
> in /home as the default location?

Because otherwise the user couldn't add or edit them.


> Now Windows' approach of having "My Documents" and the like is starting
> to make a lot of sense (even though I absolutely hate those names).

The Linux approach, however, allows much more flexibility.

If you want applications to share data, there are several ways to
accomplish that goal. Here's just a quick idea:

* add $HOME/Downloads as a directory
* give it its own type, maybe ROLE_downloads_t
* give mozilla permissions to write there, with file_type_auto_trans
* give mplayer permissions to the resulting files

Voila, mplayer can now play stuff downloaded from the web, without
opening up the big hole of giving it permissions to all mozilla files.


Another solution, for a more paranoid environment, would be adding a
virus/malware scanner domain that can read mozilla's files and write them 
out again (after checking and/or cleaning) as a regular ROLE_home_t
file. This would ensure that any files fully accessible in the home
directory have been scanned.



The point is - I may or may not want mplayer to play random stuff from
the web with potentially dangerous content. If you want to, evaluate
your security requirements and institute the appropriate solution.


-- 
http://web.lemuria.org/pubkey.html
pub  1024D/2D7A04F5 2002-05-16 Tom Vogt <tom at lemuria.org>
     Key fingerprint = C731 64D1 4BCF 4C20 48A4  29B2 BF01 9FA1 2D7A 04F5
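
The $HOME/Downloads idea from the message above, written out as explicit SELinux type enforcement rules instead of the file_type_auto_trans macro the post names. This is an added example, not part of the original post or of any shipped policy. Assumptions: ROLE is expanded to "user", the names user_downloads_t, user_mozilla_t, user_mplayer_t and user_home_dir_t are placeholders, the file_type attribute comes from the base policy, and $HOME/Downloads already exists and is labelled user_downloads_t.

```selinux
# Assumed names throughout: ROLE expanded to "user"; domain and type
# names are placeholders for illustration, not from a shipped policy.
# $HOME/Downloads is assumed to exist and to be labelled user_downloads_t.

# New type for the shared download directory and the files inside it.
type user_downloads_t, file_type;

# mozilla: traverse $HOME, then add, modify and remove entries in Downloads.
allow user_mozilla_t user_home_dir_t:dir { search getattr };
allow user_mozilla_t user_downloads_t:dir { search getattr read write add_name remove_name };

# Files created in a directory take the directory's type by default,
# so whatever mozilla saves here is labelled user_downloads_t.
allow user_mozilla_t user_downloads_t:file { create getattr read write append unlink };

# mplayer: read-only access to the downloads type. No rule here grants
# mplayer anything on mozilla's own files (profile, cache), which keep
# their own type and stay out of its reach.
allow user_mplayer_t user_home_dir_t:dir { search getattr };
allow user_mplayer_t user_downloads_t:dir { search getattr read };
allow user_mplayer_t user_downloads_t:file { getattr read };

# Compile-time check: policy build fails if any later rule lets mplayer
# modify downloaded files.
neverallow user_mplayer_t user_downloads_t:file { create write append unlink };
```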



