From: bigon@debian.org (Laurent Bigonville)
Date: Thu, 9 Jan 2014 13:24:49 +0100
Subject: [refpolicy] Transition unconfined users to dpkg_t domain
In-Reply-To: <20140107181207.13f8826d@soldur.bigon.be>
References: <20140107132919.5779c6c0@soldur.bigon.be> <20140107181207.13f8826d@soldur.bigon.be>
Message-ID: <20140109132449.783398e6@soldur.bigon.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Resending to the ML as the CC was lost.

On Tue, 7 Jan 2014 18:12:07 +0100, Laurent Bigonville wrote:

> On Tue, 7 Jan 2014 16:09:25 +0100,
> Sven Vermeulen wrote:
>
> > I think in general, unconfined should remain unconfined (i.e.
> > can_exec but no domtrans). Easier to keep as a principle.
> >
> > I did make different patches in the past related to this, but have
> > since settled with this principle.
>
> I agree with you here. But it seems that both rpm and portage have a
> domtrans. I was wondering if the fact that dpkg has no such rules was
> intentional or just because it was not supporting dpkg_script_t at the
> time (or something like that).

Mhhh, actually I think the domtrans is required. dpkg now uses its own
copy of rpm_execcon()/setexecfilecon() which tries to run the maintainer
script in dpkg_exec_t.

The code uses setexeccon() to set up the exec context and will fail if the
context cannot be set.

Laurent Bigonville

PS: any reason you have removed the cc to the ML?
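
Added example (not part of the original message, and not dpkg's or libselinux's own code): a simplified C model of how a setexecfilecon()-style helper chooses the context it then passes to setexeccon(). The policy lookup is replaced by the `computed` parameter; the function names, the fallback type argument and the sample contexts are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Replace the type (third field) of an SELinux context "user:role:type[:range]".
 * The MLS range may itself contain ':' (e.g. s0-s0:c0.c1023), so only the
 * first three separators are structural. Returns 0 on success, -1 on a
 * malformed context or when the result does not fit in out. */
static int context_with_type(const char *ctx, const char *type,
                             char *out, size_t outlen)
{
    const char *sep = strchr(ctx, ':');
    const char *type_start = sep ? strchr(sep + 1, ':') : NULL;
    const char *type_end;
    int n;

    if (!type_start) return -1;
    type_start++;
    type_end = strchr(type_start, ':');        /* NULL when there is no range */
    if (!type_end) type_end = type_start + strlen(type_start);
    if (type_end == type_start) return -1;     /* empty type field */
    n = snprintf(out, outlen, "%.*s%s%s",
                 (int)(type_start - ctx), ctx, type, type_end);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Model of the selection step. `computed` stands in for the context the
 * policy would assign to a process created from `current` executing the
 * script file. If policy defines no type transition, computed == current
 * and the caller-supplied fallback type is substituted instead. */
int choose_exec_context(const char *current, const char *computed,
                        const char *fallback_type, char *out, size_t outlen)
{
    if (strcmp(current, computed) != 0) {      /* policy has a transition */
        int n = snprintf(out, outlen, "%s", computed);
        return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
    }
    return context_with_type(current, fallback_type, out, outlen);
}

int main(void)
{
    char buf[128];
    /* Constructed sample context, not taken from the thread. */
    const char *cur = "unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023";

    if (choose_exec_context(cur, cur, "dpkg_script_t", buf, sizeof buf) == 0)
        printf("no transition rule, context requested: %s\n", buf);
    return 0;
}
```

In the no-transition case the requested context differs from the caller's, so the later setexeccon()/exec only succeeds if policy allows the calling domain to transition into that type.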