Is there a way I can permit a user confined by SELinux to run rpm but have the scriptlets executed in the user's domain type instead of rpm_script_t?

I have a use case where I need to permit some users to install RPMs, but at the same time I need to confine them so they would not interfere with files that define network interfaces/kernel and so on.