FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora SELinux Support

 
 
LinkBack Thread Tools
 
Old 03-06-2009, 01:00 PM
Jan Kasprzak
 
Default Moving /etc/fonts/ to fonts_t?

In my Fedora 10 system, all fonts under /usr/share/fonts
are of the fonts_t type, while the fontconfig files under /etc/fonts
are of the default etc_t type. I think it would make sense to move
the whole /etc/fonts directory under the fonts_t type, so that user
can easily say "this domain can use fonts" and be done without allowing
the domain to read the whole /etc directory and files.

What do you think about it? Does it make sense to modify the default
Fedora policy according to these lines?

-Yenya

--
| Jan "Yenya" Kasprzak <kas at {fi.muni.cz - work | yenya.net - private}> |
| GPG: ID 1024/D3498839 Fingerprint 0D99A7FB206605D7 8B35FCDE05B18A5E |
| http://www.fi.muni.cz/~kas/ Journal: http://www.fi.muni.cz/~kas/blog/ |
>> If you find yourself arguing with Alan Cox, you’re _probably_ wrong. <<
>> --James Morris in "How and Why You Should Become a Kernel Hacker" <<

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
Old 03-06-2009, 01:05 PM
Daniel J Walsh
 
Default Moving /etc/fonts/ to fonts_t?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jan Kasprzak wrote:
> In my Fedora 10 system, all fonts under /usr/share/fonts
> are of the fonts_t type, while the fontconfig files under /etc/fonts
> are of the default etc_t type. I think it would make sense to move
> the whole /etc/fonts directory under the fonts_t type, so that user
> can easily say "this domain can use fonts" and be done without allowing
> the domain to read the whole /etc directory and files.
>
> What do you think about it? Does it make sense to modify the default
> Fedora policy according to these lines?
>
> -Yenya
>
yes. If there are fonts in /etc/fonts it should be labeled fonts_t
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkmxLbEACgkQrlYvE4MpobM49ACfQ6qNY37cS8 5ke9kw2hrYCNuB
SE0AoMuKcplP2fX2Gy4mVGOwHyv+kuy0
=Z7uc
-----END PGP SIGNATURE-----

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
Old 03-06-2009, 01:08 PM
Daniel J Walsh
 
Default Moving /etc/fonts/ to fonts_t?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Daniel J Walsh wrote:
> Jan Kasprzak wrote:
>> In my Fedora 10 system, all fonts under /usr/share/fonts
>> are of the fonts_t type, while the fontconfig files under /etc/fonts
>> are of the default etc_t type. I think it would make sense to move
>> the whole /etc/fonts directory under the fonts_t type, so that user
>> can easily say "this domain can use fonts" and be done without allowing
>> the domain to read the whole /etc directory and files.
>
>> What do you think about it? Does it make sense to modify the default
>> Fedora policy according to these lines?
>
>> -Yenya
>
> yes. If there are fonts in /etc/fonts it should be labeled fonts_t
if they are not fonts though lots of domains can write to fonts_t



- --
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkmxLkAACgkQrlYvE4MpobN9rQCbBq51YaslKt 7yHf5ZACOXv8Yk
iBYAnRTuU4dIgEHD15t4BgVxDOWv6aQ6
=xcLX
-----END PGP SIGNATURE-----

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
Old 03-06-2009, 01:15 PM
Jan Kasprzak
 
Default Moving /etc/fonts/ to fonts_t?

Daniel J Walsh wrote:
: -----BEGIN PGP SIGNED MESSAGE-----
: Hash: SHA1
:
: Daniel J Walsh wrote:
: > Jan Kasprzak wrote:
: >> In my Fedora 10 system, all fonts under /usr/share/fonts
: >> are of the fonts_t type, while the fontconfig files under /etc/fonts
: >> are of the default etc_t type. I think it would make sense to move
: >> the whole /etc/fonts directory under the fonts_t type, so that user
: >> can easily say "this domain can use fonts" and be done without allowing
: >> the domain to read the whole /etc directory and files.
: >
: > yes. If there are fonts in /etc/fonts it should be labeled fonts_t
: if they are not fonts though lots of domains can write to fonts_t

These are configuration files for fontconfig-based fonts
(used by GNOME/KDE, xetex, ...). Virtual fonts like "mono" or "serif"
are described here, etc. It probably makes sense that everybody who
can legally write /usr/share/fonts should also be able to write to /etc/fonts.

-Yenya

--
| Jan "Yenya" Kasprzak <kas at {fi.muni.cz - work | yenya.net - private}> |
| GPG: ID 1024/D3498839 Fingerprint 0D99A7FB206605D7 8B35FCDE05B18A5E |
| http://www.fi.muni.cz/~kas/ Journal: http://www.fi.muni.cz/~kas/blog/ |
>> If you find yourself arguing with Alan Cox, you’re _probably_ wrong. <<
>> --James Morris in "How and Why You Should Become a Kernel Hacker" <<

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 

Thread Tools




All times are GMT. The time now is 06:38 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org