[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SE/Linux] status / progress report 13jun2004

On Fri, 18 Jun 2004 05:33, Simon Richter <sjr@debian.org> wrote:
> Hi,
> [labeling files for SE/Linux]
> > > Why can't this just be done in postinst?
> >
> > Sure it could be done in the postinst, if I could change the postinst
> > file of every package in Debian and keep the changes up to date...
> Are these labels required for every package, or can they be left out for
> programs that are meant to be called by users and need no special
> privileges?

Most packages don't need anything special under the current policy, as in most 
cases the contexts of the files match that of the directories that they are 

There's probably only a few hundred packages that really need per-file 
labelling under the current policy.

However there can be different policies, a user could create their own policy 
which requires different labelling.  It is not possible for me to know the 
precise list of which packages a SE Linux administrator may require such 
labelling on right now, and we can expect things to change in future.

http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

Reply to: