From: dominick.grift@gmail.com (Dominick Grift) Date: Fri, 30 May 2014 12:54:01 +0200 Subject: [refpolicy] Do we need to keep "aliased" interfaces? In-Reply-To: <20140530104803.GA1540@siphos.be> References: <20140529165745.GA10882@siphos.be> <1401445749.6837.8.camel@x220.localdomain> <20140530104803.GA1540@siphos.be> Message-ID: <1401447241.7153.3.camel@x220.localdomain> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Fri, 2014-05-30 at 12:48 +0200, Sven Vermeulen wrote: > > But are prefix domains still something we want to work on? I thought that > proper desktop confinement is better done using the user-based access > control constraints. I will leave that decision to you and others My opinion though: UBAC does not deal with the fact that we need to be able to tell selinux when a confined domain needs to execute an file in a calling user domain (or another confined domain type derived from the calling user domain)