[refpolicy] Transition unconfined users to dpkg_t domain

Laurent Bigonville bigon at debian.org
Thu Jan 9 10:57:38 EST 2014


On Thu, 09 Jan 2014 14:46:48 +0100,
Dominick Grift <dominick.grift at gmail.com> wrote:

> On Thu, 2014-01-09 at 13:24 +0100, Laurent Bigonville wrote:
> > Resending to the ML as the CC was lost.
> > 
> > On Tue, 7 Jan 2014 18:12:07 +0100,
> > Laurent Bigonville <bigon at debian.org> wrote:
> > 
> > > On Tue, 7 Jan 2014 16:09:25 +0100,
> > > Sven Vermeulen <sven.vermeulen at siphos.be> wrote:
> > > 
> > > > I think in general, unconfined should remain unconfined (i.e.
> > > > can_exec but no domtrans). Easier to keep as a principle.
> > > > 
> 
> I agree, if it was not for MLS requirements I would probably do the
> same for sysadm_t.
> 
> Would have been even nicer IMHO if we could get rid of those package
> manager domains in general. Unfortunately I do not think that is
> feasible since unprivileged users sometimes are also able to use the
> package managers to install files via setuid/setgid frontends.

rpm (and now dpkg since 1.17) are explicitly trying to run the
maintainer scripts in a specific domain (see
rpm_execcon()/setexecfilecon()).

So this means that an unconfined user trying to run dpkg in enforce
mode will get an error (my laptop is running in permissive so I didn't
see that before) as context_type_set() will fail.

Any idea how to fix this?

Cheers,

Laurent Bigonville

