From: bigon@debian.org (Laurent Bigonville)
Date: Sat, 25 Jan 2014 11:54:36 +0100
Subject: [refpolicy] [PATCH] Allow unconfined users to transition to dpkg_t domain
In-Reply-To: <1389450202-22501-1-git-send-email-bigon@debian.org>
References: <1389450202-22501-1-git-send-email-bigon@debian.org>
Message-ID: <20140125115436.2542228f@fornost.bigon.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Hi,

On Sat, 11 Jan 2014 15:23:22 +0100, Laurent Bigonville wrote:

> From: Laurent Bigonville > > dpkg is now using rpm_execcon()/setexecfilecon()-like function to > transition to the dpkg_script_t domain. This function will fail in > enforcing mode if the transition is not allowed. > --- > policy/modules/system/unconfined.te | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/policy/modules/system/unconfined.te > b/policy/modules/system/unconfined.te index 667f2a0..c22d964 100644 > --- a/policy/modules/system/unconfined.te > +++ b/policy/modules/system/unconfined.te > @@ -76,6 +76,10 @@ optional_policy(` > ') > > optional_policy(` > + dpkg_run(unconfined_t, unconfined_r) > +') > + > +optional_policy(` > firstboot_run(unconfined_t, unconfined_r) > ') >

Are there any plans to merge this patch then? (*ping*)

Cheers,

Laurent Bigonville
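
Review bot: the commit message and the line added in the unconfined.te hunk describe different transitions. The message is about a failing transition to dpkg_script_t, while the subject and the new `dpkg_run(unconfined_t, unconfined_r)` call are about unconfined users entering dpkg_t. Please state in the commit message which source domain makes the rpm_execcon()/setexecfilecon()-like call, and why granting dpkg_run to unconfined_t and unconfined_r is the rule that lets that call succeed in enforcing mode, so the next reader of the policy can tell whether this block covers the dpkg_script_t case or only the dpkg_t one.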