
RE: changing permissions during install



> > What are my chances of getting the maintainers of every package that has a
> > daemon running as root to make a change to their postinst for SE Linux?
> > About 0 I think.
> 
> I think they are much higher than you think.
> 
> Write a utility that can be called, to make this easier.  This helper would
> take a config type file, that would define the security perms.  Maybe a
> conffile in /etc/selinux.d/ or something.

I agree. If it's well done, and documented in the new maintainer doc and
other things, it can catch on very easily.

Now I don't know anything about SELinux, but are all the SIDs like the
system_u:object_r:dhcpc_exec_t SID things that the sysadmin defines
independently of the packages? Or should the package be aware of these,
ideally? I am trying to understand whose responsibility it is to define the
default security policy: you or the package maintainer? If it's you, then I
guess everybody could do something as simple as call install-selinux
mypackagenamec in postinst (and maybe something else in postrm), but isn't
that a big task to set these things for every package? And if it has to be
done by the maintainer, is it reasonable to expect everybody to understand
SELinux and whatever will come after?

YA
 


