[refpolicy] Transition unconfined users to dpkg_t domain

Stephen Smalley sds at tycho.nsa.gov
Fri Jan 10 14:58:43 EST 2014


On 01/10/2014 01:52 PM, Dominick Grift wrote:
> On Fri, 2014-01-10 at 13:40 -0500, Stephen Smalley wrote:
> 
>>
>> Ok, I don't agree.  That way lies madness - a never-ending set of
>> changes to userspace programs to re-implement everything already
>> provided transparently through policy domain transitions and file type
>> transitions.
>>
> 
> Not sure if I am choosing my words right here but rpm_t, rpm_script_t
> domains are a fallacy in the first place:
> 
> # seinfo -xaunconfined_domain_type | grep rpm
>       rpm_t
>       rpm_script_t

That's true.  There was an original vision of confining rpm, decomposing
it, etc, that never got past the prototype stage.



