A common VFS and a Common conf-system [Part II]
Waldo Bastian
bastian at kde.org
Thu Mar 3 18:40:34 EET 2005
On Thursday 03 March 2005 17:12, Alexander Larsson wrote:
> > >There are things you can't easily forward though, such as a selinux
> > >contexts.
> >
> > I really do think that, in the case of the VFS, it is better to not be
> > tied down to the existing keyring implementation. Again, quite frankly,
> > having the application communicate the authentication information
> > directly is a pretty bad idea. Rather defeats the whole purpose of even
> > using SELinux, which is in a large part about controlling data
> > flow. ;-)
>
> This is not related to gnome-keyring design though. The selinux context
> is a piece of data related to the original application managed by the
> kernel. If all i/o of all processes go through a common daemon, then you
> can't have different selinux context for the i/o of different apps.
> Essentially all apps get the same security context for i/o, and you've
> made selinux useless.
It wouldn't be useless, it only means you have delegated some of the
responsibility in that area to the VFS daemon. Whether that is desirable is
an open question that should be looked into.
Cheers,
Waldo
--
bastian at kde.org | Free Novell Linux Desktop 9 Evaluation Download
bastian at suse.com | http://www.novell.com/products/desktop/eval.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.freedesktop.org/archives/xdg/attachments/20050303/72fe27af/attachment.pgp
More information about the xdg
mailing list