From: dominick.grift@gmail.com (Dominick Grift) Date: Sun, 12 Jan 2014 13:25:30 +0100 Subject: [refpolicy] Transition unconfined users to dpkg_t domain In-Reply-To: <49627420.OsS9p7pMfV@russell.coker.com.au> References: <20140109165738.77a1d0a8@soldur.bigon.be> <52D03E91.1000600@tycho.nsa.gov> <1389379945.20258.33.camel@x220.localdomain> <49627420.OsS9p7pMfV@russell.coker.com.au> Message-ID: <1389529530.8106.14.camel@x220.localdomain> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Sun, 2014-01-12 at 12:04 +1100, Russell Coker wrote: > On Fri, 10 Jan 2014 19:52:25 Dominick Grift wrote: > > Not sure if i am choosing my words right here but rpm_t, rpm_script_t > > domains are a fallacy in the first place: > > > > # seinfo -xaunconfined_domain_type | grep rpm > > rpm_t > > rpm_script_t > > That's only if you have unconfined.pp loaded. While it's not common to run > without it I aim to support such configurations in Debian and use them on some > of my systems. > Yes and if you do not have it installed then you can rest assured that eventually RPM fails somewhere due to lack of permissions. unconfined_domain_type was associated to rpm_t/rpm_script_t for good reason.