Re: changing permissions during install
On Fri, 25 Jan 2002 14:22, Adam Heath wrote:
> On Fri, 25 Jan 2002, Russell Coker wrote:
> > If the postinst of the dhclient package starts it before it has the
> > system_u:object_r:dhcpc_exec_t SID then it won't be able to operate.
> >
> > I would like to be able to hook into the operation of dpkg so have my own
> > code run after the files are installed but before postinst so I can
> > change the security settings before the programs are run.
> >
> > Is this possible? If not then can things be changed to make it possible?
>
> File permissions are easy. dpkg-statoverride.
>
> Anything else is not possible(atm).
dpkg-statoverride doesn't allow me to do the following:
chsid system_u:object_r:dhcpc_exec_t /sbin/dhclient*
After the files for the dhclient package are installed. I know I could ask
the maintainers of every package that installs any system program to add
something special in their postinst for SELinux (and then make another
addition for GRSecurity and for every other security enhancement that comes
along). But that is impractical.
The ideal thing to do would be for the package to call a script and pass a
list of all file names installed (or the package name so the script can go
for /var/lib/dpkg/info/package.list) so the script can do the rest.
But if dpkg-statoverride could be extended to support arbitary programs and
arbitary parameters then it would do.
--
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/projects.html Projects I am working on
http://www.coker.com.au/~russell/ My home page
Reply to: