From: russell@coker.com.au (Russell Coker) Date: Mon, 13 Jan 2014 23:35:35 +1100 Subject: [refpolicy] Transition unconfined users to dpkg_t domain In-Reply-To: <1389529434.8106.12.camel@x220.localdomain> References: <20140109171932.2c48b131@soldur.bigon.be> <10071582.tSbv3mLmCQ@russell.coker.com.au> <1389529434.8106.12.camel@x220.localdomain> Message-ID: <6950908.nv65BrvUOs@russell.coker.com.au> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Sun, 12 Jan 2014 13:23:54 Dominick Grift wrote: > We done something similar with cron, where one can conditionally run > jobs in the user domain or in a dedicated cronjob_t domain. As an aside we shouldn't use cron as an example of how to do things. It's more of an example of a horrible series of compromises needed to build on decades of tradition that goes in a different direction to the way we are going. It's probably second only to the MTA policy in terms of awkward things we have done. -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/