[refpolicy] Transition unconfined users to dpkg_t domain
russell at coker.com.au
Sat Jan 11 19:59:03 EST 2014
On Fri, 10 Jan 2014 20:19:26 Dominick Grift wrote:
> > The set of changes you're referring to is not never-ending, and they're
> > currently definitely not transparent.
> I agree. Whether you transition to the RPM domain or not, the files will
> still be created with the right context because RPM uses libselinux for
> that regardless. There is no reason to domain transition to
> rpm_t/rpm_script_t because that domain is as unconfined as unconfined_t.

If daemons are launched by the package management system then transitioning
from a domain like rpm_script_t or dpkg_script_t might be better than
transitioning from the domain used by the sysadmin (unconfined_t or sysadm_t).

I have the impression that Red Hat is going all systemd, so all daemons should
be launched from it instead of being launched directly. In Debian the init
issue is still being debated, but I guess we could just make systemd the
primary target and not worry too much if things don't work as well on other
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/