From: russell@coker.com.au (Russell Coker)
Date: Mon, 13 Jan 2014 23:35:35 +1100
Subject: [refpolicy] Transition unconfined users to dpkg_t domain
In-Reply-To: <1389529434.8106.12.camel@x220.localdomain>
References: <20140109171932.2c48b131@soldur.bigon.be>
	<10071582.tSbv3mLmCQ@russell.coker.com.au>
	<1389529434.8106.12.camel@x220.localdomain>
Message-ID: <6950908.nv65BrvUOs@russell.coker.com.au>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Sun, 12 Jan 2014 13:23:54 Dominick Grift wrote:
> We done something similar with cron, where one can conditionally run
> jobs in the user domain or in a dedicated cronjob_t domain.

As an aside we shouldn't use cron as an example of how to do things.  It's 
more of an example of a horrible series of compromises needed to build on 
decades of tradition that goes in a different direction to the way we are 
going.

It's probably second only to the MTA policy in terms of awkward things we have 
done.

-- 
My Main Blog         http://etbe.coker.com.au/
My Documents Blog    http://doc.coker.com.au/