b4n left a comment (geany/geany#4590)

It's not very clear to me what the actual issue here is, but looking at the 
linker GP report I guess it has to do with default SELinux policies on 
some/many systems, right?

> https://geany.org/manual/reference/guidelines.html States
> 
> > Do never install anything into a user's home directory like installing the 
> > plugin binary in ~/.config/geany/plugins/. "
> 
> However, geany does search this path for plugins for anything the user builds 
> locally.

This might not be entirely clear, but this documentation is for plugin authors. 
It is meant to discourage to use this location as a default installation 
target, and rather use Geany's "system" plugin directory.  Nothing saying this 
path doesn't work, just that you shouldn't populate the user's config 
automatically.

> The symlink acquires the SELinux context of the target, so that works fine, 
> but, anyone who copies a file to that directory directly gets a executable in 
> a xdg_config_t directory.
> 
> https://specifications.freedesktop.org/basedir/latest/ states this is not 
> compliant.
> 
> > User-specific executable files may be stored in $HOME/.local/bin. 
> > Distributions should ensure this directory shows up in the UNIX $PATH 
> > environment variable, at an appropriate place.
> 
> I suggest changing the search directory for user defined plugins to the XDG 
> standard, which is supported by the default SELinux policy, and systemd-path. 
> 
> ~/.local/bin/geany/plugins/
> 
> The configs can remain, and are valid in the XDG_CONFIG location.

Just to be clear: those are *not* "executables" in the sense of what usually 
goes in *~/.local/bin*: XDG itself even suggests this should be in the `PATH`, 
and plugins definitely don't need be there.

So IIUC the issue is that many default SELinux policies don't allow the 
executable permission in *~/.config*, is that the issue?

So IMO there is *no* XDG Base Directory issue, as I don't believe what it calls 
an "executable" is simply a file with the execution permission, but rather an 
file with the execution permissions *meant to be run by the user* (so in the 
PATH). Plugins don't seem to qualify to me.

Whether it causes issue with default SELinux setups I can believe, but I'm not 
very knowledgeable about it.
*Without* SELinux the execution bit doesn't seem to matter for loading plugins 
though.

So maybe you could try and explain a little more clearly what the issue 
actually is?
Note also that placing plugins in the user's home is again *not* something that 
should usually be done *but* by the user herself.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/geany/geany/issues/4590#issuecomment-4735568263
You are receiving this because you are subscribed to this thread.

Message ID: <geany/geany/issues/4590/[email protected]>

Reply via email to