From: bigon@debian.org (Laurent Bigonville)
Date: Tue, 7 Jan 2014 13:29:19 +0100
Subject: [refpolicy] Transition unconfined users to dpkg_t domain
Message-ID: <20140107132919.5779c6c0@soldur.bigon.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Hello,

Currently in the refpolicy unconfined users can transition to the rpm_t
(and then to rpm_script_t) domain when using the rpm commands.

On the other hand, the transition is not allowed for unconfined users
to transition to dpkg_t. Shouldn't also be the case?

I can propose a patch if you want, but I prefer to ask first as I know
there are some discussion about transitioning users out of the
unconfined domain.

Also, since 1.17.0, dpkg is transitioning maintainer scripts to the
dpkg_script_t domain. Unfortunately the dpkg-reconfigure script (which
is in perl) is not doing so. An idea how this should be done? I've
opened [0] is somebody is interested.

Cheers,

Laurent Bigonville

[0] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732845