From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Wed, 17 Aug 2011 05:38:04 +0000
Subject: [refpolicy] [PATCH 1/4] Support layman through its own domain
In-Reply-To: <CAPzO=Nxcn52HwFCVsmnvB9Y12k0twm=PnRpJg79DTvvgCxv=dg@mail.gmail.com>
References: <20110813182048.GA12571@siphos.be>
	<20110813182221.GB12571@siphos.be> <4E4AAFEB.2080506@tresys.com>
	<CAPzO=Nxcn52HwFCVsmnvB9Y12k0twm=PnRpJg79DTvvgCxv=dg@mail.gmail.com>
Message-ID: <CAPzO=Nw8wfbwXGgnVGDHR8hnAPL+8bG_3u80WniuZLP1L0RkSw@mail.gmail.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Wed, Aug 17, 2011 at 4:13 AM, Sven Vermeulen
<sven.vermeulen@siphos.be> wrote:
> We tried launching layman within portage_fetch_t, but that required
> too many additions to the portage_fetch_t domain itself. We might be
> able to make layman SELinux-aware and transition from layman_t to
> portage_fetch_t, but that will take some time (layman is developed by
> other developers than Portage and I'm not sure who to contact for
> adding SELinux support within the application - I'm myself not
> experienced enough to take that on me, I'm just a policy writer ;-)

Well, considering that we will need to take a stab at putting
emerge-webrsync in portage_fetch_t too, I'll see if I can make it so
that layman works within that domain as well.

Wkr,
  Sven Vermeulen