On Jan 3, 2017 8:00 AM, "Ralf Corsepius" <rc040...@freenet.de> wrote:

On 01/03/2017 01:33 PM, Dominik 'Rathann' Mierzejewski wrote:

> On Tuesday, 03 January 2017 at 13:18, Ralf Corsepius wrote:
>
>> On 01/03/2017 11:53 AM, Martin Gansser wrote:
>>
>>> I am the package maintainer of boomaga and users told me that
>>> there is a problem with access rights when writing to the ~/.cache
>>> directory.
>>> An SELinux package already exists for testing in:
>>> https://martinkg.fedorapeople.org/Review/test/boomaga/
>>> And a bugzilla bug report also exists: https://bugzilla.redhat.com/show_bug.cgi?id=1409115
>>> Bug report on the boomaga developer site: https://github.com/Boomaga/boomaga/issues/43
>>>
>>> Can someone help to write the correct SELinux rules?
>>>
>> Well, rpms are not supposed to touch anything below $HOME at all.
>>
>> I.e. $HOME rsp. ~/ is out of rpm's (and SELinux's) business
>>
>
> While the above is correct for rpm, SELinux does have business in
> protecting $HOME. Just run ls -lZ in your home directory and see
> for yourself. For example, ~/public_html has httpd_user_content_t
> context, ~/bin has home_bin_t, ~/.config has config_home_t, etc.
>

Jikes, what a messy design!

People seem to have forgotten that homes are completely out of a distro's
control. They are not guaranteed to be on a local filesystem or on an
SELinux-enabled filesystem and are not standardized by any standard ....


Not really, there are standards and conventions for how apps store
user-specific settings inside the user's home directory. It's not even
distro-specific.

With respect to non-SELinux-enabled filesystems, they are not affected by
these policies. But if the filesystem is SELinux-enabled, then having the
distro-specific policy is important.
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
