From: dominick.grift@gmail.com (Dominick Grift)
Date: Thu, 09 Jan 2014 17:36:42 +0100
Subject: [refpolicy] Transition unconfined users to dpkg_t domain
In-Reply-To: <20140109171932.2c48b131@soldur.bigon.be>
References: <20140107132919.5779c6c0@soldur.bigon.be> <20140107181207.13f8826d@soldur.bigon.be> <20140109132449.783398e6@soldur.bigon.be> <1389275208.14773.43.camel@x220.localdomain> <20140109165738.77a1d0a8@soldur.bigon.be> <1389283972.15747.21.camel@x220.localdomain> <20140109171932.2c48b131@soldur.bigon.be>
Message-ID: <1389285402.15747.31.camel@x220.localdomain>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Thu, 2014-01-09 at 17:19 +0100, Laurent Bigonville wrote:
>
> Actually it's the same code as rpm currently uses.
>
> It looks at the fcontext of the script then uses secure_compute_create
> to see if a transition would occur. If it's the case it will make it
> transition to that context, otherwise it's indeed using a hardcoded
> context.

Hard-coding configurable security identifiers is bad practice. I would
not look too much to Fedora.

In /etc/selinux there are config files that tell SELinux-aware programs
what context to use in what situations. Programs should consult those
config files, then use that information to determine whether to
transition or not, and where to.

Disclaimer: that's just my opinion
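
The decision discussed in this message, as an added example that is not code from the thread, rpm, dpkg or refpolicy: take the result that libselinux's `security_compute_create()` would return for the script and, when policy defines no transition, read the fallback type from configuration instead of a constant. The `script_type` key, the config text and the sample contexts are hypothetical, constructed values.

```python
# Added example: choose the exec context for a package maintainer script.
# The fallback type is read from configuration, never hard-coded.

# Constructed sample config; "script_type" is a hypothetical key.
SAMPLE_CONFIG = """\
# context used for maintainer scripts when policy has no transition
script_type = dpkg_script_t   # site-configurable
"""

def split_context(ctx):
    """Split user:role:type[:range]; the MLS range may itself contain ':'."""
    parts = ctx.split(":", 3)
    if len(parts) < 3 or not all(parts[:3]):
        raise ValueError(f"malformed SELinux context: {ctx!r}")
    return parts

def read_fallback_type(config_text, key="script_type"):
    """Parse KEY=value lines; '#' starts a comment. Returns None if unset."""
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" not in line:
            continue
        name, value = (s.strip() for s in line.split("=", 1))
        if name == key and value:
            return value
    return None

def choose_exec_context(current, computed, config_text):
    """
    current:  context of the running package manager
    computed: context returned by security_compute_create() for
              (current, script file context, class "process")
    Returns (context, reason). A context of None means: set no exec
    context and let the exec proceed under the current domain.
    """
    split_context(computed)  # reject malformed input early
    if computed != current:
        # Policy defines a type transition for this script: honour it.
        return computed, "policy-transition"
    fallback = read_fallback_type(config_text)
    if fallback is None:
        return None, "no-config"
    # Swap only the type field; keep user, role and any MLS range.
    user, role, _old_type, *mls = split_context(current)
    return ":".join([user, role, fallback, *mls]), "configured-fallback"
```
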