From: dominick.grift@gmail.com (Dominick Grift)
Date: Sun, 12 Jan 2014 13:25:30 +0100
Subject: [refpolicy] Transition unconfined users to dpkg_t domain
In-Reply-To: <49627420.OsS9p7pMfV@russell.coker.com.au>
References: <20140109165738.77a1d0a8@soldur.bigon.be>
	<52D03E91.1000600@tycho.nsa.gov>
	<1389379945.20258.33.camel@x220.localdomain>
	<49627420.OsS9p7pMfV@russell.coker.com.au>
Message-ID: <1389529530.8106.14.camel@x220.localdomain>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Sun, 2014-01-12 at 12:04 +1100, Russell Coker wrote:
> On Fri, 10 Jan 2014 19:52:25 Dominick Grift wrote:
> > Not sure if i am choosing my words right here but rpm_t, rpm_script_t
> > domains are a fallacy in the first place:
> > 
> > # seinfo -xaunconfined_domain_type | grep rpm
> >       rpm_t
> >       rpm_script_t
> 
> That's only if you have unconfined.pp loaded.  While it's not common to run 
> without it I aim to support such configurations in Debian and use them on some 
> of my systems.
> 

Yes and if you do not have it installed then you can rest assured that
eventually RPM fails somewhere due to lack of permissions.

unconfined_domain_type was associated to rpm_t/rpm_script_t for good
reason.