From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Wed, 17 Aug 2011 04:13:09 +0000
Subject: [refpolicy] [PATCH 1/4] Support layman through its own domain
In-Reply-To: <4E4AAFEB.2080506@tresys.com>
References: <20110813182048.GA12571@siphos.be> <20110813182221.GB12571@siphos.be> <4E4AAFEB.2080506@tresys.com>
Message-ID:
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Tue, Aug 16, 2011 at 5:59 PM, Christopher J. PeBenito wrote:
> Have you considered transitioning to portage_fetch_t for the fetch? Since
> there already is SELinux aware code in portage, it seems like it would be
> easy to get that into layman, especially if layman uses portage libraries (I
> don't know if it does). Alternatively, you could try transitioning to
> portage_fetch_t when running layman; it's been a while since I used it, so
> I'm not completely sure if that makes sense.

We tried launching layman within portage_fetch_t, but that required too many
additions to the portage_fetch_t domain itself.

We might be able to make layman SELinux-aware and transition from layman_t to
portage_fetch_t, but that will take some time (layman is developed by other
developers than Portage and I'm not sure who to contact for adding SELinux
support within the application - I'm myself not experienced enough to take
that on me, I'm just a policy writer ;-)

Wkr,
Sven Vermeulen