standard for executable files under /usr/share
It seems that many packages have binaries under /usr/share, here are a few
examples of regex's that match Debian-specific binaries under /usr/share:
/usr/share/debiandoc-sgml/saspconvert
/usr/share/lintian/.+
/usr/share/kernel-package/.+
/usr/share/bug/[^/]+
/usr/share/console/getkmapchoice\.pl
/usr/share/openoffice\.org-debian-files/install-hook
/usr/share/dlint/digparse
/usr/share/gimp/1.2/user_install
The problem for me is that as part of my work maintaining Debian packages of
SE Linux policy I have to track all of these.
The problem for SE Linux users is that there are undoubtably many I have not
discovered yet which will therefore have the wrong security type on a default
setup and not work.
The problem for the people who maintain such packages is that some SE Linux
users may file bug reports against your package by mistake instead of
informing me.
I suggest that we have a standard for names of such files. Something like
/usr/share/package/bin/.+ would do well. That will make things a lot easier
for SE Linux users (and users of other security systems).
Also there would be other benefits to such a scheme, if a package has a large
number of files under /usr/share then it would be easier to determine which
are programs and which are data files (for some scripts etc file(1) won't
tell you the right things).
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
Reply to: