
Re: changing permissions during install



>>"Russell" == Russell Coker <russell@coker.com.au> writes:

 Russell> dpkg-statoverride doesn't allow me to do the following:
 Russell> chsid system_u:object_r:dhcpc_exec_t /sbin/dhclient*

 Russell> After the files for the dhclient package are installed.  I
 Russell> know I could ask the maintainers of every package that
 Russell> installs any system program to add something special in
 Russell> their postinst for SELinux (and then make another addition
 Russell> for GRSecurity and for every other security enhancement that
 Russell> comes along).  But that is impractical.

 Russell> The ideal thing to do would be for the package to call a
 Russell> script and pass a list of all file names installed (or the
 Russell> package name so the script can go for
 Russell> /var/lib/dpkg/info/package.list) so the script can do the
 Russell> rest.

	Perhaps the way the menu system was bootstrapped could be
 used? Initially, the menu system came with _default_ files for
 packages, and it looked to see if a real file existed; if so, that was
 used, or else the default was used.  Of course, we still need to be
 able to run a script after the packages are unpacked, but before any
 postinst is run (just like DPkg::Pre-Invoke {"mount -o remount,rw /usr";};
 allows me to have a read-only /usr partition and still be able to run
 apt).

	If we can get these hooks into dpkg (or apt, if that is
 feasible) (Adam Heath says it may be feasible for dpkg 1.10.X), then
 we can bootstrap the packages as fast as we can write defaults.

	In the meanwhile, we could discuss/design what information
 needs to be provided, and work on a format for the file (me, having been
 involved in XSL/XSLT coding for the last 6 months, I'd lean towards an
 XML schema file (that would allow us to change formats later on by
 changing schema file versions, and allow people to cobble various
 levels of policy strictness by doing simple XSLT transforms on input
 files) -- merging policy files -- and having a means of validating
 policy files so generated.

	The possibilities are endless ;-o

	manoj
-- 
 The sooner our happiness together begins, the longer it will
 last. Miramanee, "The Paradise Syndrome", stardate 4842.6
Manoj Srivastava   <srivasta@debian.org>  <http://www.debian.org/%7Esrivasta/>
1024R/C7261095 print CB D9 F4 12 68 07 E4 05  CC 2D 27 12 1D F5 E8 6E
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C
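The relabel script Russell describes above (a hook handed a package name, which reads /var/lib/dpkg/info/<package>.list and applies file contexts itself, so no per-package postinst changes are needed), as an added example. This is not code from Russell, Manoj, dpkg or apt. The policy-file format (one "<glob> <context>" rule per line), the environment variable names DPKG_INFO/LABEL_POLICY/CHSID and the function names relabel_package and demo_relabel are assumptions made for the example; the sample file list and policy are constructed inline, and the relabel commands are printed rather than executed so the script runs on a machine without SELinux.

```shell
#!/bin/sh
# Added example: a dpkg-side relabel hook that takes a package name, reads the
# package's file list from dpkg's info directory, matches each installed path
# against a small glob -> SELinux context policy and emits the relabel command.
# All names below (DPKG_INFO, LABEL_POLICY, CHSID, the policy format) are
# assumptions for this example, not part of dpkg, apt or the original mail.

DPKG_INFO="${DPKG_INFO:-/var/lib/dpkg/info}"
LABEL_POLICY="${LABEL_POLICY:-/etc/selinux/dpkg-labels.conf}"
CHSID="${CHSID:-chsid}"

# relabel_package <package>
# Prints "<chsid> <context> <path>" for every path in $DPKG_INFO/<package>.list
# that matches a rule in $LABEL_POLICY. First matching rule wins; paths with
# no matching rule are left alone. Policy format (assumed):
#   <shell glob> <security context>      e.g.  /sbin/dhclient* system_u:object_r:dhcpc_exec_t
# Blank lines and lines starting with '#' are ignored.
relabel_package() {
    pkg=$1
    list="$DPKG_INFO/$pkg.list"
    [ -r "$list" ] || { echo "relabel: no file list for $pkg" >&2; return 1; }
    while IFS= read -r path; do
        [ -z "$path" ] && continue
        while read -r glob ctx; do
            case "$glob" in ''|'#'*) continue ;; esac
            # Unquoted $glob is used as a shell pattern, so "/sbin/dhclient*"
            # matches /sbin/dhclient and /sbin/dhclient-script but not /sbin.
            case "$path" in
                $glob) echo "$CHSID $ctx $path"; break ;;
            esac
        done < "$LABEL_POLICY"
    done < "$list"
}

# demo_relabel: constructed sample input so the example runs offline.
# Builds a fake dpkg info directory with a dhcp-client file list and a
# two-rule policy, then runs the hook against it (dry run: commands are printed).
demo_relabel() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/info"
    printf '%s\n' /. /sbin /sbin/dhclient /sbin/dhclient-script /etc /etc/dhclient.conf \
        > "$tmp/info/dhcp-client.list"
    printf '%s\n' '# glob              context' \
        '/sbin/dhclient*      system_u:object_r:dhcpc_exec_t' \
        '/etc/*               system_u:object_r:etc_t' > "$tmp/policy"
    ( DPKG_INFO="$tmp/info"; LABEL_POLICY="$tmp/policy"; relabel_package dhcp-client )
    rm -rf "$tmp"
}

# Usage: demo_relabel
# prints:
#   chsid system_u:object_r:dhcpc_exec_t /sbin/dhclient
#   chsid system_u:object_r:dhcpc_exec_t /sbin/dhclient-script
#   chsid system_u:object_r:etc_t /etc/dhclient.conf
```

Wired up today, the closest place to call relabel_package is an apt.conf DPkg::Post-Invoke hook, but that fires only after dpkg has finished the whole run, i.e. after every postinst has already executed; the hook Manoj asks for (after unpack, before any postinst) is exactly what apt and dpkg do not yet provide at the time of this thread.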


