fix(selinux): Allow creation of icons for PWAs#778
Conversation
…lders Signed-off-by: PhysicsIsAwesome <69597878+PhysicsIsAwesome@users.noreply.github.com>
…r needed Signed-off-by: PhysicsIsAwesome <69597878+PhysicsIsAwesome@users.noreply.github.com>
Up to standards ✅🟢 Issues
|
|
I like this change, but I have concerns about labelling integrity upon updates; namely how we can be sure that this directory in the user's home directory will be labelled appropriately, given that, as far as I understand, we have no reliable way of relabelling existing user content for updates. cc @RoyalOughtness. |
The directory will keep the standard label
Is there something which should be changed in this PR? |
My concern is that Trivalent could have already created stuff for existing installs, and that won't have the type transition added here unfortunately
I don't think so, I think we'll need a separate change for this with a bit of relabelling infrastructure. However, I suppose this also doesn't change existing permissions (in the sense that it's currently denied), so I actually think this should be fine to merge |
2 participants
Trivalent needs to be able to create icons under subfolders of
$HOME/.local/share/icons/..., including missing folders in that path.I decided against simply allowing write access to type
data_home_t, because some executables are of this type, to not introduce WX.Thus I introduced a new type
trivalent_data_home_tfor files indata_home_tdirs, including the necessary filetrans. It also allows creation of directories of typedata_home_t, in case they don't already exist.I tested installing and uninstalling a PWA.
It also contains a small fix, with missing
trivalent_home_cdm_lib_tmissing in agen_requireblock.