rpm_exec and confined type for rpm scriptlets
Jeremy Young
jrm16020 at gmail.com
Wed Feb 18 14:01:24 UTC 2015
I learned to do this using an example from Dan's blog. The comments happen
to describe the exact scenario you're describing.
http://danwalsh.livejournal.com/66587.html?thread=397339#t397339
On Wed, Feb 18, 2015 at 2:53 AM, Cretu Adrian <adycrt at gmail.com> wrote:
>
> Hi,
> Is there a way I can permit a user confined by selinux to run rpm but the
> scriptlets to be executed in user's domain type instead of rpm_script_t ?
>
> I have a use case where I need to permit some users to install rpms but in
> same time I need to confine them so would not interfere with files that
> define network interfaces/kernel and so on.
>
> Thanks
>
> --
> selinux mailing list
> selinux at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
>
--
Jeremy Young <jrm16020 at gmail.com>, M.S., RHCSA
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/selinux/attachments/20150218/76382b4b/attachment.html>
More information about the selinux
mailing list