vernal plinth
I don't see a need for trivalent to have access to all my folders. Is there a way to limit the files that Trivalent has access to? For example, I don't want it to have access to my root directory (except for its own folders), or for instance, I don't want it to have access to my music folder in my home dir.
I know that the faq says that Trivalent doesn't work with bubblejail, so I'm asking if there's another way.
Is it possible to limit the files trivalent has access to?
wanton root
does trivalent has access to all folders?
indigo sorrel
Trivalent is confined by SELinux policy on Secureblue, so probably the best way to further confine Trivalent would be to modify its SELinux policy. you can see here for example the part of the policy that gives access to the home directory: https://github.com/secureblue/secureblue/blob/live/files/scripts/selinux/trivalent/trivalent.te#L104-L110
# homedir access
allow trivalent_t user_home_t:dir { manage_dir_perms };
allow trivalent_t user_home_t:file { manage_file_perms };
allow trivalent_t user_home_t:lnk_file { manage_lnk_file_perms };
allow trivalent_t audio_home_t:dir { manage_dir_perms };
allow trivalent_t audio_home_t:file { manage_file_perms };
allow trivalent_t audio_home_t:lnk_file { manage_lnk_file_perms };
so if you want to remove its access to the Music folder, I think it should work to just remove the lines granting it permissions for audio_home_t
wanton root
do trivalent even needs homedir access when using portal?
haughty zinc
do trivalent even needs homedir access when using portal?
Through selinux, it does, since the portal depends on the caller's label