[refpolicy] Transition unconfined users to dpkg_t domain

Stephen Smalley sds at tycho.nsa.gov
Fri Jan 10 09:51:17 EST 2014


On 01/10/2014 06:47 AM, Laurent Bigonville wrote:
> Le Thu, 09 Jan 2014 15:32:03 -0500,
> Stephen Smalley <sds at tycho.nsa.gov> a écrit :
> 
>> On 01/09/2014 03:26 PM, Daniel J Walsh wrote:
>>>
>>> It has been like that for years.  Might have been a chicken and egg
>>> problem on initial install.  RPM Now has better flexibility.
>>
>> bootstrapping issue - needed to know the right domain prior to any
>> policy files being installed on the filesystem.
> 
> Does that means that rpm and dpkg are supposed to work even if the files
> in /etc/selinux/<my_current_policy> are missing?
> 
> With dpkg (that use the rpm_execcon-like function) I'm getting the
> following error in that case:
>  cannot get security labeling handle: No such file or directory

I think they always set down a pre-generated file_contexts file just for
that purpose, but otherwise weren't guaranteed any other config files.
But that was all the original rpm selinux integration; I don't know the
current state of things.



More information about the refpolicy mailing list