• 1
XMonad actually compiles your configuration file, (which is nothing more than a haskell source file), and turns that into a custom window manager. I suppose the sysadmin that sets up xmonad for all the lucky users will probably know to precompile it, and direct xmonad to find it somewhere better. Even so, it seems that certain classes of programs have a very strong use case for being able to import new code to execute, and may do it inside /home.

Rather than just saying no to these sorts of programs, it would be great if we can look at what kind of code these programs might execute, and how to do it so it is restricted to certain levels.


That is why there is a boolean option to turn this off

You also have the option of writing policy for XMonad, so that it would be able to do it's thing, via a transition. The point being that SELinux gives us the ability to decide what gets to be executed in the Home Dir, and prevent some of the problems/vulnerabilities that have plagued that other desktop Operating System.

  • 1

Log in