[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: changing permissions during install



On Fri, 25 Jan 2002 14:26, Yves Arrouye wrote:
> > > If the postinst of the dhclient package starts it before it has the
> > > system_u:object_r:dhcpc_exec_t SID then it won't be able to operate.
> > >
> > > I would like to be able to hook into the operation of dpkg so have my
> >
> > own
> >
> > > code run after the files are installed but before postinst so I can
> >
> > change
> >
> > > the security settings before the programs are run.
>
> And the postinst itself can't set the security setting before starting
> dhclient?

Sure it can, if it's specifically written to do so.

What are my chances of getting the maintainers of every package that has a 
daemon running as root to make a change to their postinst for SE Linux?  
About 0 I think.

Another option is for me to package an SE version of all those packages, 
which is impossible because the work is too great.

Another option is to have the sysadmin relabel their entire root file system 
after any major upgrade of Debian packages or chsid the relevant files after 
a minor upgrade.  The former takes ages and is painful.  The latter requires 
some care to the details to prevent mistakes.

Having this done automatically shouldn't be that difficult, but it may 
require a modification to dpkg.

-- 
http://www.coker.com.au/bonnie++/     Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/       Postal SMTP/POP benchmark
http://www.coker.com.au/projects.html Projects I am working on
http://www.coker.com.au/~russell/     My home page



Reply to: