Bug#752002: cdebconf: Please run maintainer scripts in correct selinux context
On 18/06/14 18:27, Laurent Bigonville wrote:
> Package: cdebconf
> Version: 0.191
> Severity: wishlist
> Since 1.17.0, dpkg is trying to run the maintainer scripts in a
> different context based on the file context and fallback on
> OTHO, a maintainer script run by dpkg-reconfigure is never transitioned
> out of the "dpkg_t" context.
> The maintainer scripts run by dpkg-reconfigure should also transition to
> the appropriate context.
> Since libselinux 2.3, the setexecfilecon() function can be called for
> every maintainer scripts just before they are executed.
I had a look at it this morning. As I'm not really a SELinux specialist,
so I have a question. Would it make sense and be safe to apply it for
all scripts run from cdebconf ? That would include dpkg-reconfigure, but
also dpkg-preconfigure, and when cdebconf is called from dpkg (dpkg
calls the script, which calls (c)debconf, which in turn exec the script
Is the required modification then as simple as this ?
if (execv(argv, args) != 0)