On Wed, 2005-02-23 at 13:38 +0000, Mike Hearn wrote:
On Wed, 23 Feb 2005 06:22:11 -0500, Ivan Gyurdiev wrote:
That's because right now it runs in a "generic" user_t domain, which is used for all programs without their own policy. I don't think the SELinux people will agree to a workaround that applies to every other program in this domain.
Incidentally, am I the only one who thinks it's stupid for SELinux to be developing policy for random desktop applications upstream? I've raised this with the Fedora SELinux guys before - that approach can never work reliably.
I can't comment on that - I'm just a novice contributor and I'm trying to help with what I can. I believe they do this so that security issues are centralized in one place. I'm not sure how mandatory the mandatory access control becomes otherwise. From a practical standpoint I can tell you that writing this thing is not completely trivial, so it helps if people have some experience writing other policies.
You guys really need to nail stable binary distribution of policy *first*, and then write decent documentation so the people actually working on Inkscape can write and maintain policy. Otherwise the moment a new version comes out it'll require some random permission the policy doesn't allow, and break in mysterious and subtle ways.
That's a good point - perhaps you should discuss it on the NSA list.
That does not apply to inkscape, however, since as I've mentioned inkscape runs in the generic user_t domain, which provides basic permissions to most desktop apps. If inkscape was changed to do something specialized that didn't apply to user_t (like require RWE stack permissions), I suppose it would need its own policy.