[refpolicy] Transition unconfined users to dpkg_t domain
Daniel J Walsh
dwalsh at redhat.com
Fri Jan 10 09:59:48 EST 2014
-----BEGIN PGP SIGNED MESSAGE-----
On 01/10/2014 09:51 AM, Stephen Smalley wrote:
> On 01/10/2014 06:47 AM, Laurent Bigonville wrote:
>> Le Thu, 09 Jan 2014 15:32:03 -0500, Stephen Smalley <sds at tycho.nsa.gov> a
>> écrit :
>>> On 01/09/2014 03:26 PM, Daniel J Walsh wrote:
>>>> It has been like that for years. Might have been a chicken and egg
>>>> problem on initial install. RPM Now has better flexibility.
>>> bootstrapping issue - needed to know the right domain prior to any
>>> policy files being installed on the filesystem.
>> Does that means that rpm and dpkg are supposed to work even if the files
>> in /etc/selinux/<my_current_policy> are missing?
>> With dpkg (that use the rpm_execcon-like function) I'm getting the
>> following error in that case: cannot get security labeling handle: No
>> such file or directory
> I think they always set down a pre-generated file_contexts file just for
> that purpose, but otherwise weren't guaranteed any other config files. But
> that was all the original rpm selinux integration; I don't know the current
> state of things.
Hasn't changed much, since the early years.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
-----END PGP SIGNATURE-----
More information about the refpolicy