On Mon, 2005-03-28 at 00:03 -0500, Ivan Gyurdiev wrote:
> Okay that was an unfinished email - sorry for my stupidity - I was
> editing it and changing things and clicked send by mistake.
>
> The problem is accurately described (in the first part of the email) and
> what I was getting to - I'm trying to imagine how desktop apps can be
> confined properly in the future (and right now, for that matter). How
> will they interoperate and share data?
>
> I was thinking of a ~/downloads folder with a shared context, but
> this makes sense for apps that download stuff. In the future if desktop
> apps are confined (say openoffice, abiword) this becomes a more generic
> problem.

Part of the problem seems to be the way Linux apps treat /home, as the place for everything. Why are both app. settings and user data stored in /home as the default location. That's where the problem comes from, and that seems like a bad idea - the user doesn't care about app settings and system files - they are not to be edited directly. That's why they're hidden in the first place.

Now Windows' approach of having "My Documents" and the like is starting to make a lot of sense (even though I absolutely hate those names).

If app settings were kept separate, in a non-selinux environment you could export your data files w/out exporting hidden important files like your gpg keys.

If app settings were kept separate, you could restorecon those settings to correct contexts. Dwalsh said restorecon skips /home today because it could accidentaly reveal out-of-place gpg keys, or because it might be really big. Both those problems would not apply if settings were in a separate place - you could just restorecon the settings.

-- 
Ivan Gyurdiev <ivg2@cornell.edu>
Cornell University


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.