[refpolicy] Transition unconfined users to dpkg_t domain

Laurent Bigonville bigon at debian.org
Thu Jan 9 11:19:32 EST 2014


On Thu, 09 Jan 2014 17:12:52 +0100,
Dominick Grift <dominick.grift at gmail.com> wrote:

> On Thu, 2014-01-09 at 16:57 +0100, Laurent Bigonville wrote:
> 
> > rpm (and now dpkg since 1.17) are explicitly trying to run the
> > maintainer scripts in a specific domain (see
> > rpm_execcon()/setexecfilecon()).
> > 
> > So this means that an unconfined user trying to run dpkg in enforce
> > mode will get an error (my laptop is running in permissive so I
> > didn't see that before) as context_type_set() will fail.
> > 
> > Any idea how to fix this?
> 
> Nope, but I think this should be at least configurable. Heck, how does
> dpkg know what type to use with setexeccon? Is that hard-coded? Is
> there some configuration file somewhere that it reads that tells it
> what type to use? If so then maybe you can also use that to tell it
> when to use it and when not?

Actually it's the same code as rpm currently uses.

It looks at the fcontext of the script then uses secure_compute_create
to see if a transition would occur. If it's the case it will make it
transition to that context, otherwise it's indeed using a hardcoded
context.
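
The decision described in this message, as an added example that is not part of the original post and not code from dpkg, rpm or libselinux: a self-contained C model in which a constructed rule table stands in for the policy query. `pick_exec_context`, `RULES` and `example_script_exec_t` are hypothetical names, and `dpkg_script_t` as the fallback type is an assumption.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the policy lookup: one process type_transition
 * rule (source domain, script file type) -> new domain. Illustrative names. */
struct rule { const char *src, *ftype, *dst; };
static const struct rule RULES[] = {
    { "dpkg_t", "example_script_exec_t", "dpkg_script_t" },
};

/* Point *type at the type field (third field) of "user:role:type[:range]". */
static int find_type(const char *ctx, const char **type, size_t *len) {
    const char *p = strchr(ctx, ':');
    if (!p || !(p = strchr(p + 1, ':'))) return -1;
    *type = p + 1;
    *len = strcspn(*type, ":");
    return *len ? 0 : -1;
}

/* Write ctx to out with only its type field replaced by new_type. */
static int swap_type(const char *ctx, const char *new_type, char *out, size_t n) {
    const char *t; size_t len;
    if (find_type(ctx, &t, &len)) return -1;
    int w = snprintf(out, n, "%.*s%s%s", (int)(t - ctx), ctx, new_type, t + len);
    return (w < 0 || (size_t)w >= n) ? -1 : 0;
}

/* Returns 1 if a policy transition applies, 0 if the hardcoded fallback
 * type was used, -1 on a malformed context. The chosen context is in out. */
int pick_exec_context(const char *mycon, const char *fcon,
                      const char *fallback_type, char *out, size_t n) {
    const char *st, *ft; size_t sl, fl;
    if (find_type(mycon, &st, &sl) || find_type(fcon, &ft, &fl)) return -1;
    for (size_t i = 0; i < sizeof RULES / sizeof RULES[0]; i++) {
        const struct rule *r = &RULES[i];
        if (strlen(r->src) == sl && !strncmp(r->src, st, sl) &&
            strlen(r->ftype) == fl && !strncmp(r->ftype, ft, fl))
            return swap_type(mycon, r->dst, out, n) ? -1 : 1;
    }
    /* No transition defined: keep user, role and range, force the type. */
    return swap_type(mycon, fallback_type, out, n) ? -1 : 0;
}

int main(void) {
    char out[128];
    int r = pick_exec_context("unconfined_u:unconfined_r:unconfined_t:s0",
                              "system_u:object_r:example_script_exec_t:s0",
                              "dpkg_script_t", out, sizeof out);
    printf("%d %s\n", r, out);
    return 0;
}
```

For an unconfined caller the fallback branch keeps the caller's user and role and changes only the type, so the resulting context still has to be one the loaded policy accepts.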

