Re: SELinux directory polyinstantiation and gvfs

From: David Zeuthen <david fubar dk>
To: Xavier Toth <txtoth gmail com>
Cc: gvfs-list gnome org
Subject: Re: SELinux directory polyinstantiation and gvfs
Date: Wed, 16 Sep 2009 09:43:19 -0400

On Wed, 2009-09-16 at 08:25 -0500, Xavier Toth wrote:
> We develop a system using SELinux MLS policy and are polyinstantiating
> a number of directories based on context and level (man pam_namespace
> and namespace.conf). For example we polyinstantiate /tmp. In our
> configuration pam_namespace mounts /tmp on another directory
> /tmp.inst/<hash representing the context and level>. Now let's say a
> user saves a page in firefox to /tmp and then brings up nautilus and
> tries to find the saved page. Well they won't find the saved page in
> /tmp but rather in a subdirectory of /tmp.inst which will be
> confusing. So our question is can gvfs be used in some way to alter
> the representation of the file system to hide the complexity of
> polyinstantiation?

I don't think GIO/GVfs can be of much help here.

I'm curious why you'd want firefox and nautilus instances in the _same_
session to see different /tmp directories - seems like a lot of things
would break this way. Why?

FWIW, I remember someone talking about bug/feature-request (can't
remember where, think it's in Mozilla's bug database) asking for Firefox
to use ~/Download instead of /tmp for such things. This was for
usability purposes but it might work for you as well.

     David

Follow-Ups:
- Re: SELinux directory polyinstantiation and gvfs
  - From: Xavier Toth

References:
- SELinux directory polyinstantiation and gvfs
  - From: Xavier Toth

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]