When logging in to KDE a file .DCOPserver_hostname__0 is created in the home directory and a symlink named .DCOPserver_hostname_:0 is created to point to it.
There are several other files that have been used by different versions of KDE, there was .MCOP-random-seed and there were a few others. I think that these files should be created in a subdirectory so that they can be easily tracked, controlled, and removed when not needed. One problem I am currently dealing with is that I want to run games under a different context that is denied read access to regular files (so a game can't send my private data over the net if cracked) and given read-only access to it's config files. I've currently got my ~/.qt and ~/.kde directories set to the type user_games_ro_t so that games can read them but not write them (and regular processes can write them). However the games still need access to /tmp/.ICE-unix (which is a bad idea anyway for security reasons), ~/.DCOPserver_hostname__0, and /tmp/ksocket-user. For /tmp/ksocket-user and /tmp/.ICE-unix, will KDE use an environment variable for specifying the tmp directory? If so it shouldn't be difficult to solve this. Also what is the point of the .ICE-unix directory anyway? But the .DCOPserver* files are a more serious problem. IMHO the core code should be changed to put them somewhere more appropriate. I'd be happy to offer a patch if someone's interested in merging it (either in Debian packages or upstream). While we're at it, the error handling in QT could probably be improved. If you are denied access to create ~/.qt/.qtrc.lock then trying it four times is not going to get you access... -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page
