From: aranea@aixah.de (Luis Ressel) Date: Wed, 28 Dec 2016 00:02:30 +0100 Subject: [refpolicy] [PATCH] init: run sysvinit without the dangerous unconfined_domain() call In-Reply-To: <1320659434.14525.1482879298312.JavaMail.open-xchange@popper05.register.it> References: <1425370720.18751.1482877006863.JavaMail.open-xchange@popper10.register.it> <20161227233846.6ed0ebf0@gentp.lnet> <1320659434.14525.1482879298312.JavaMail.open-xchange@popper05.register.it> Message-ID: <20161228000230.798bf64d@gentp.lnet> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Tue, 27 Dec 2016 23:54:58 +0100 (CET) Guido Trentalancia via refpolicy wrote: > Ok, that's fine. Consider, I have completed testing it with sysvinit, > so I don't really need to debug anything. > > It comes from the following recent advice that has been posted (I was > not even aware of the existence of such statement): > > http://oss.tresys.com/pipermail/refpolicy/2016-December/008835.html > Neither was I; I had to look it up before answering to your mail. :) > but, if it is more likely to cause problems, then I can create a new > patch which just dumps the dangerous call to unconfined_domain() and > that's the end of the story. > Thanks! > At the end, there must be a way out of it ! Yes. Personally, I never really cared about it because I don't use 'unconfined' anyway, but I definitly appreciate your effort to get rid of it. Regards, Luis Ressel