Russell Coker <russell@xxxxxxxxxxxx> writes: > On Tuesday, 22 January 2019 7:11:40 PM AEDT Dominick Grift wrote: >> > Getting close to a Debian release so I have to sort out the nnp_transition >> > rules. How do I work out what's going on here? Do I just assume that as >> > dpkg_t has generally less access than unconfined_t it's ok? Is it worth >> > investigating why something in apt is setting NNP? >> >> Not worth looking into if you ask me (this is just the tip of the mountain). >> You no longer have to worry about type bounds if you enable the polcap >> (which i think is the default) > > What do you mean by "enable the polcap"? [root@brutus ~]# seinfo --polcap | grep nnp nnp_nosuid_transition -- Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02 https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02 Dominick Grift
