[refpolicy] Transition unconfined users to dpkg_t domain

Laurent Bigonville bigon at debian.org
Thu Jan 9 07:24:49 EST 2014


Resending to the ML as the CC was lost.

Le Tue, 7 Jan 2014 18:12:07 +0100,
Laurent Bigonville <bigon at debian.org> a écrit :

> Le Tue, 7 Jan 2014 16:09:25 +0100,
> Sven Vermeulen <sven.vermeulen at siphos.be> a écrit :
> 
> > I think in general, unconfined should remain unconfined (i.e.
> > can_exec but no domtrans). Easier to keep as a principle.
> > 
> > I did make different patches in the past related to this, but have
> > since settled with this principle.
> 
> I agree with you here. But it seems that both rpm and portage have a
> domtrans. I was wondering if the fact that dpkg has no such rules was
> intentional or just because it was not supporting dpkg_script_t a the
> time (or something like that).

Mhhh, actually I think the domtrans is required. dpkg now uses
its own copy of rpm_execcon()/setexecfilecon() which tries to run the
maintainer script in dpkg_exec_t.

The code uses setexeccon() to setup the exec context and will fail if
the context cannot be set.

Laurent Bigonville

PS: any reasons you have removed the cc to the ML?


More information about the refpolicy mailing list