Security Enhanced Linux
What's New
Frequently Asked Questions
Background
Documents
License
Download
Participating
Mail List
Archives
Remaining Work
Contributors
Related Work
Press Releases
Information Assurance Research
NIARL In-house Research Areas
Mathematical Sciences Program
Sabbaticals
Computer & Information Sciences Research
Technology Transfer
Advanced Computing
Advanced Mathematics
Communications & Networking
Information Processing
Microelectronics
Other Technologies
Technology Fact Sheets
Publications
Related Links
|
SELinux Mailing ListRe: Desktop apps interoperability
From: Ivan Gyurdiev <ivg2_at_cornell.edu>
Date: Wed, 30 Mar 2005 11:13:24 -0500
Do you have a better proposal for restricting desktop applications to minimum privilege? Nothing needs to be rearchitectured. The user just needs to be made aware that this is where the documents belong, and the app can't write all over the place like it would in a non-selinux environment. Apps that still run in user_t would be unaffected until their policy is changed. Of course, I'm thinking in the future such folders would be prominently displayed in Gnome with their own little icons, and their windows-style names like "My Media" or whatever (which should not be the same as the actual dir. name), and those would go in the Places menu or something, and sound juicer for example would know to write there by default as opposed to somewhere else. I guess this discussion now becomes more GNOME-oriented, now that I think about it. Maybe I should go bother the GNOME people to see what they think about adding content-specific folders to /home that we can label with different contexts.. ... or am I missing something fundamental here? -- Ivan Gyurdiev <ivg2@cornell.edu> Cornell University -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.Received on Wed 30 Mar 2005 - 11:08:39 EST |
|
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009 |