From: russell@coker.com.au (Russell Coker)
Date: Tue, 9 Mar 2010 13:14:02 +1100
Subject: [refpolicy] user vs unconfined
Message-ID: <201003091314.03493.russell@coker.com.au>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Why do unconfined_t and user_t use the same file types for almost everything 
in the latest policy?

This means that if an unconfined user has bad Unix permissions on their home 
directory then user_t can replace a file that will be executed and therefore 
gain unconfined_t access.

So is there any benefit in using user_t in such a scheme?  If there isn't a 
benefit, and as almost all users of the Fedora policy will only use 
unconfined_t for user sessions it seems that the thing to do would be to 
restore the previous separation of user_t, staff_t, sysadm_t, and 
unconfined_t for those who need it as it won't actually affect the Fedora 
users.

Or of course I could just maintain a private fork of the policy for Debian.

Since 2002 the Debian policy has denied root:user_r:user_t the ability to take 
over the system and I plan to keep it that way.

-- 
russell at coker.com.au
http://etbe.coker.com.au/          My Main Blog
http://doc.coker.com.au/           My Documents Blog