[refpolicy] Transition unconfined users to dpkg_t domain

Dominick Grift dominick.grift at gmail.com
Sun Jan 12 07:25:30 EST 2014


On Sun, 2014-01-12 at 12:04 +1100, Russell Coker wrote:
> On Fri, 10 Jan 2014 19:52:25 Dominick Grift wrote:
> > Not sure if i am choosing my words right here but rpm_t, rpm_script_t
> > domains are a fallacy in the first place:
> > 
> > # seinfo -xaunconfined_domain_type | grep rpm
> >       rpm_t
> >       rpm_script_t
> 
> That's only if you have unconfined.pp loaded.  While it's not common to run 
> without it I aim to support such configurations in Debian and use them on some 
> of my systems.
> 

Yes and if you do not have it installed then you can rest assured that
eventually RPM fails somewhere due to lack of permissions.

unconfined_domain_type was associated to rpm_t/rpm_script_t for good
reason.




More information about the refpolicy mailing list