From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Mon, 25 Jun 2012 16:35:06 +0200
Subject: [refpolicy] [PATCH v2 3/5] Adding dracut policy
In-Reply-To: <4FE82038.7070707@redhat.com>
References: <20120624180258.GA11810@siphos.be>
	<20120624180448.GD11810@siphos.be>
	<1340566929.8671.10.camel@x220.mydomain.internal>
	<4FE82038.7070707@redhat.com>
Message-ID: <20120625143506.GB14206@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Mon, Jun 25, 2012 at 10:24:24AM +0200, Miroslav Grepl wrote:
> I believe dracut should stay as unconfined domain. Also you probably 
> will see other domains which are want to execute dracut. And I would 
> think transitions will be needed rather than just execute apps in the 
> dracut domain.

I don't mind people or organizations opting to use unconfined domains, but I
strive to run all applications, services and users in a confined manner. It
is easy enough, like Dominick said, to add an optional unconfined_domain()
to make us all happy ;-)

Wkr,
	Sven Vermeulen