From: dominick.grift@gmail.com (Dominick Grift)
Date: Fri, 30 May 2014 12:54:01 +0200
Subject: [refpolicy] Do we need to keep "aliased" interfaces?
In-Reply-To: <20140530104803.GA1540@siphos.be>
References: <20140529165745.GA10882@siphos.be>
	<1401445749.6837.8.camel@x220.localdomain>
	<20140530104803.GA1540@siphos.be>
Message-ID: <1401447241.7153.3.camel@x220.localdomain>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Fri, 2014-05-30 at 12:48 +0200, Sven Vermeulen wrote:

> 
> But are prefix domains still something we want to work on? I thought that
> proper desktop confinement is better done using the user-based access
> control constraints. 

I will leave that decision to you and others


My opinion though:
UBAC does not deal with the fact that we need to be able to tell selinux
when a confined domain needs to execute an file in a calling user domain
(or another confined domain type derived from the calling user domain)