Re: changing permissions during install
On Fri, 25 Jan 2002 14:26, Yves Arrouye wrote:
> > > If the postinst of the dhclient package starts it before it has the
> > > system_u:object_r:dhcpc_exec_t SID then it won't be able to operate.
> > >
> > > I would like to be able to hook into the operation of dpkg so have my
> >
> > own
> >
> > > code run after the files are installed but before postinst so I can
> >
> > change
> >
> > > the security settings before the programs are run.
>
> And the postinst itself can't set the security setting before starting
> dhclient?
Sure it can, if it's specifically written to do so.
What are my chances of getting the maintainers of every package that has a
daemon running as root to make a change to their postinst for SE Linux?
About 0 I think.
Another option is for me to package an SE version of all those packages,
which is impossible because the work is too great.
Another option is to have the sysadmin relabel their entire root file system
after any major upgrade of Debian packages or chsid the relevant files after
a minor upgrade. The former takes ages and is painful. The latter requires
some care to the details to prevent mistakes.
Having this done automatically shouldn't be that difficult, but it may
require a modification to dpkg.
--
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/projects.html Projects I am working on
http://www.coker.com.au/~russell/ My home page
Reply to: