[refpolicy] [PATCH 1/4] Support layman through its own domain

Sven Vermeulen sven.vermeulen at siphos.be
Tue Aug 16 23:13:09 CDT 2011


On Tue, Aug 16, 2011 at 5:59 PM, Christopher J. PeBenito
<cpebenito at tresys.com> wrote:
> Have you considered transitioning to portage_fetch_t for the fetch? Since
> there already is SELinux aware code in portage, it seems like it would be
> easy to get that into layman, especially if layman uses portage libraries (I
> don't know if it does).  Alternatively, you could try transitioning to
> portage_fetch_t when running layman; it's been a while since I used it, so
> I'm not completely sure if that makes sense.

We tried launching layman within portage_fetch_t, but that required
too many additions to the portage_fetch_t domain itself. We might be
able to make layman SELinux-aware and transition from layman_t to
portage_fetch_t, but that will take some time (layman is developed by
other developers than Portage and I'm not sure who to contact for
adding SELinux support within the application - I'm myself not
experienced enough to take that on me, I'm just a policy writer ;-)

Wkr,
  Sven Vermeulen

