[refpolicy] Transition unconfined users to dpkg_t domain

Daniel J Walsh dwalsh at redhat.com
Fri Jan 10 09:59:48 EST 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01/10/2014 09:51 AM, Stephen Smalley wrote:
> On 01/10/2014 06:47 AM, Laurent Bigonville wrote:
>> Le Thu, 09 Jan 2014 15:32:03 -0500, Stephen Smalley <sds at tycho.nsa.gov> a
>> écrit :
>> 
>>> On 01/09/2014 03:26 PM, Daniel J Walsh wrote:
>>>> 
>>>> It has been like that for years.  Might have been a chicken and egg 
>>>> problem on initial install.  RPM Now has better flexibility.
>>> 
>>> bootstrapping issue - needed to know the right domain prior to any 
>>> policy files being installed on the filesystem.
>> 
>> Does that means that rpm and dpkg are supposed to work even if the files 
>> in /etc/selinux/<my_current_policy> are missing?
>> 
>> With dpkg (that use the rpm_execcon-like function) I'm getting the 
>> following error in that case: cannot get security labeling handle: No
>> such file or directory
> 
> I think they always set down a pre-generated file_contexts file just for 
> that purpose, but otherwise weren't guaranteed any other config files. But
> that was all the original rpm selinux integration; I don't know the current
> state of things.
> 
Hasn't changed much, since the early years.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlLQCuQACgkQrlYvE4MpobPEEwCfffqBG6rHNMWJN7tk3ATQrlQZ
9hUAnR2zACg8EXslMoevAvrHWOf7hN3n
=xlPl
-----END PGP SIGNATURE-----


More information about the refpolicy mailing list