
Re: [SE/Linux] status / progress report 13jun2004



On Mon, 14 Jun 2004 06:43, Andres Salomon <dilinger@voxel.net> wrote:
> > 	status: mr russell coker's postinst.d patch is apparently
> > 	        well-known and the bugreport has been merged with
> > 			other bugs, one of which (#17243) dates back to 1998! kuudosss.
> > 			however, the maintainer says that those bugs are part of a larger
> > 			picture of required / requested functionality and they don't want to
> > 			proceed with what would turn out to be a temporary measure.
> >
> > 			30may2004: after evaluating options (see links above) initiated thread
> > 			to convince dpkg developers to incorporate postinst.d patch.
> >
> > 			13jun2004: no response yet received, another ping initiated.
>
> Wow.  This sounds like a horrible idea.  The fact that rpm does it,
[...]
> If I understand the proposed patch correctly, a package installs a
> postinst script that is run w/ every installed package's postinst script.
> If this postinst script breaks, it makes every package on the system
> uninstallable.  Please tell me that this isn't the case.  If the postinst
> script takes a while to run, this significantly slows down installation of
> all packages.  This scheme is just begging for abuse by a maintainer.

With my current implementation a slow script will slow down the system, and a 
script that breaks will prevent all packages from completely installing.

For SE Linux the behaviour on a broken script does not cause a problem; 
installing files without the correct SE Linux labels will break the entire 
system so it's best to stop early.

Why is that scheme begging for abuse?  If it gets abused then the package 
which does so gets grave bug reports filed against it and does not progress 
into testing.

The alternative to this is to patch dpkg with SE Linux support in the way that 
rpm has been.  Should I implement the needed functionality in that manner?

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page


