[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SE/Linux] status / progress report 13jun2004

>>>>> "Scott" == Scott James Remnant <scott@netsplit.com> writes:

    >> The /bin/rpm binary is linked against libselinux.so and has
    >> code to assign the correct security context to each file at
    >> creation time.  Doing for dpkg what has been done for rpm means
    >> putting in SE Linux specific code for file labelling which is
    >> not generic, and won't work for other security systems.
    Scott> Why can't this just be done in postinst?

It has to happen for every *.deb package.

Adding and maintaining SE-Linux code in the postinst of every package
around would appear to be very impractical and unfeasible.

Such an excessive solution isn't required either, most packages don't
need any modifications to work with SE-Linux (as the policy isn't
included with the packages).
Brian May <bam@debian.org>

Reply to: