From: dwalsh@redhat.com (Daniel J Walsh)
Date: Sat, 13 Feb 2010 07:20:49 -0500
Subject: [refpolicy] system_userdomain.patch
In-Reply-To: <1266006376.11004.34.camel@gorn.columbia.tresys.com>
References: <4AFC89A1.1090406@redhat.com>
	<1266006376.11004.34.camel@gorn.columbia.tresys.com>
Message-ID: <4B769921.80105@redhat.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 02/12/2010 03:26 PM, Christopher J. PeBenito wrote:
> On Thu, 2009-11-12 at 17:18 -0500, Daniel J Walsh wrote:
>> http://people.fedoraproject.org/~dwalsh/SELinux/F12/system_userdomain.patch
>>
>> Widely varied from upstream because of consolodating on attributes
>> rather then types.
> 
> In principle this is fine, but I'm trying to hold out for a proper
> clone/copy mechanism to be available again.  When that comes around, I'd
> have to undo this change.
> 
Maybe, but we have been waiting for the clone/copy mechansim for several years now.  :^(

I have a hard time many people can use confined users without this mechanism or other distros do not use the exec* checks.
Or they do not use java/mono applications.