At the moment rpm_script_t has access to so much that there's no point in trying to impose any serious restriction on it.
I suspect that limiting rpm_script_t in any significant way will have to wait until we have multiple domains for rpm for installing packages with different signatures.
What is the logical connection between rpm_scriptlet_t has too much access. and rpm needs multiple domains based on signature "trust".
Are there alternatives is what I'm asking.
73 de Jeff
