I learned to do this using an example from Dan's blog. The comments happen to describe the exact scenario you're describing.
On Wed, Feb 18, 2015 at 2:53 AM, Cretu Adrian <adycrt@xxxxxxxxx> wrote:
I have a use case where I need to permit some users to install rpms but in same time I need to confine them so would not interfere with files that define network interfaces/kernel and so on.Is there a way I can permit a user confined by selinux to run rpm but the scriptlets to be executed in user's domain type instead of rpm_script_t ?Hi,Thanks
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
Jeremy Young, M.S., RHCSA
-- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
