From: bigon@debian.org (Laurent Bigonville)
Date: Sat, 11 Jan 2014 15:23:22 +0100
Subject: [refpolicy] [PATCH] Allow unconfined users to transition to dpkg_t
	domain
Message-ID: <1389450202-22501-1-git-send-email-bigon@debian.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

From: Laurent Bigonville <bigon@bigon.be>

dpkg is now using rpm_execcon()/setexecfilecon()-like function to
transition to the dpkg_script_t domain. This function will fail in
enforcing mode if the transition is not allowed.
---
 policy/modules/system/unconfined.te | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/policy/modules/system/unconfined.te b/policy/modules/system/unconfined.te
index 667f2a0..c22d964 100644
--- a/policy/modules/system/unconfined.te
+++ b/policy/modules/system/unconfined.te
@@ -76,6 +76,10 @@ optional_policy(`
 ')
 
 optional_policy(`
+	dpkg_run(unconfined_t, unconfined_r)
+')
+
+optional_policy(`
 	firstboot_run(unconfined_t, unconfined_r)
 ')
 
-- 
1.8.5.2