Re: SELinux directory polyinstantiation and gvfs
- From: Xavier Toth <txtoth gmail com>
- To: David Zeuthen <david fubar dk>
- Cc: gvfs-list gnome org
- Subject: Re: SELinux directory polyinstantiation and gvfs
- Date: Wed, 16 Sep 2009 09:00:00 -0500
On Wed, Sep 16, 2009 at 8:43 AM, David Zeuthen <david fubar dk> wrote:
> On Wed, 2009-09-16 at 08:25 -0500, Xavier Toth wrote:
>> We develop a system using SELinux MLS policy and are polyinstantiating
>> a number of directories based on context and level (man pam_namespace
>> and namespace.conf). For example we polyinstantiate /tmp. In our
>> configuration pam_namespace mounts /tmp on another directory
>> /tmp.inst/<hash representing the context and level>. Now let's say a
>> user saves a page in firefox to /tmp and then brings up nautilus and
>> tries to find the saved page. Well they won't find the saved page in
>> /tmp but rather in a subdirectory of /tmp.inst which will be
>> confusing. So our question is can gvfs be used in some way to alter
>> the representation of the file system to hide the complexity of
>> polyinstantiation?
>
> I don't think GIO/GVfs can be of much help here.
>
> I'm curious why you'd want firefox and nautilus instances in the _same_
> session to see different /tmp directories - seems like a lot of things
> would break this way. Why?
Indeed, this is the point: I want everyone to see /tmp and not have to
know about /tmp.inst, the ugliness of polyinstantiation.
I'm still trying to get my head around this stuff but what about FUSE?
>
> FWIW, I remember someone talking about a bug/feature-request (can't
> remember where, think it's in Mozilla's bug database) asking for Firefox
> to use ~/Download instead of /tmp for such things. This was for
> usability purposes but it might work for you as well.
My use of firefox and /tmp was just an example.
>
> David
>
>
>
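The setup described in this message (pam_namespace bind-mounting an instance directory under /tmp.inst onto /tmp) can be inspected from inside a session by comparing namespace.conf with the session's mount table. The following is an added example, not part of the original message or of pam_namespace; the configuration text, the mountinfo lines and the instance name are constructed, and it assumes the instance directories live on the root filesystem.

```python
import re

# Constructed sample data (not from a real system). On a live host these
# would be /etc/security/namespace.conf and /proc/self/mountinfo.
NAMESPACE_CONF = """\
# polydir  instance_prefix  method  list_of_uids
/tmp      /tmp.inst/       level   root,adm
/var/tmp  /var/tmp.inst/   level   root,adm
"""
MOUNTINFO = """\
22 1 8:2 / / rw,relatime shared:1 - ext4 /dev/sda2 rw
95 22 8:2 /tmp.inst/CONSTRUCTED-INSTANCE-NAME /tmp rw,relatime - ext4 /dev/sda2 rw
"""

def unescape(field):
    """mountinfo encodes space, tab, newline and backslash as \\ooo octal."""
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def parse_namespace_conf(text):
    """Return {polydir: (instance_prefix, method)}, skipping comments."""
    polydirs = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3:
            polydirs[fields[0]] = (fields[1], fields[2])
    return polydirs

def parse_mountinfo(text):
    """Return {mount_point: root}, where root is the bind-mount source path."""
    mounts = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 10 or "-" not in fields:
            continue  # not a well-formed mountinfo line
        # Later lines are stacked on top of earlier ones, so the last wins.
        mounts[unescape(fields[4])] = unescape(fields[3])
    return mounts

def polyinstantiation_status(conf_text, mountinfo_text):
    """Map each configured polydir to its backing instance dir, or None."""
    mounts = parse_mountinfo(mountinfo_text)
    status = {}
    for polydir, (prefix, _method) in parse_namespace_conf(conf_text).items():
        root = mounts.get(polydir)
        active = root is not None and root.startswith(prefix)
        status[polydir] = root if active else None
    return status

if __name__ == "__main__":
    for polydir, backing in polyinstantiation_status(NAMESPACE_CONF, MOUNTINFO).items():
        print(polydir, "->", backing or "not polyinstantiated in this session")
```

A `None` result for a configured directory means the session is seeing the shared directory rather than a per-level instance, which is worth checking on an MLS system.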