Moving /etc/fonts/ to fonts_t?

Jan Kasprzak kas at fi.muni.cz
Fri Mar 6 14:15:13 UTC 2009


Daniel J Walsh wrote:
: -----BEGIN PGP SIGNED MESSAGE-----
: Hash: SHA1
: 
: Daniel J Walsh wrote:
: > Jan Kasprzak wrote:
: >> 	In my Fedora 10 system, all fonts under /usr/share/fonts
: >> are of the fonts_t type, while the fontconfig files under /etc/fonts
: >> are of the default etc_t type. I think it would make sense to move
: >> the whole /etc/fonts directory under the fonts_t type, so that user
: >> can easily say "this domain can use fonts" and be done without allowing
: >> the domain to read the whole /etc directory and files.
: > 
: > yes.  If there are fonts in /etc/fonts it should be labeled fonts_t
: if they are not fonts though lots of domains can write to fonts_t

	These are configuration files for fontconfig-based fonts
(used by GNOME/KDE, xetex, ...). Virtual fonts like "mono" or "serif"
are described here, etc. It probably makes sense that everybody who
can legally write /usr/share/fonts should also be able to write to /etc/fonts.

-Yenya

-- 
| Jan "Yenya" Kasprzak  <kas at {fi.muni.cz - work | yenya.net - private}> |
| GPG: ID 1024/D3498839      Fingerprint 0D99A7FB206605D7 8B35FCDE05B18A5E |
| http://www.fi.muni.cz/~kas/    Journal: http://www.fi.muni.cz/~kas/blog/ |
>>  If you find yourself arguing with Alan Cox, you’re _probably_ wrong.  <<
>>     --James Morris in "How and Why You Should Become a Kernel Hacker"  <<




More information about the fedora-selinux-list mailing list