On 01/01/17 at 16:35, Michael Biebl wrote:
> I still don't understand why we would need to move the tmpfiles config
> file from systemd to x11-common. Mind you that I don't have any selinux
> knowledge.
> Afaics, in Debian we have selinux-policy-default which should contain
> the selinux policy for the X11 tmp directories.

From a SELinux POV, well, it really depends on the policy used (the policy
can be seen as local admin configuration), but with the one shipped by
default in Debian, the directories will end up being labeled as generic
tmp directories if the policy module for X is not loaded (on a server
for example). That would allow anybody to create files in these
directories, but is that a real security issue as they could do the same
in /tmp?
I initially thought it was something Debian-specific and told myself
that for consistency it might be interesting to move the config to the
x11-common package. But after seeing that it comes from systemd
upstream, I'm wondering if we should bother.