
Re: dpkg and selinux



On Tue, Sep 07, 2004 at 10:20:53PM +1000, Russell Coker wrote:

> > > Vaguely, files are unpacked in a temporary place then moved into the
> > > right place (inside process_archive).
> >
> >  okay, then that means that:
> >
> >  1b) the move needs to be handled carefully to ensure that the
> >     selinux permissions are preserved
> 
> This is already catered for.  The only move which could lose the SE Linux 
> context is one that crosses file systems.  This doesn't work for package 
> installation anyway (imagine if /bin/bash or /usr/bin/perl was being replaced 
> and half way through copying over the new file there was a power failure).
 
 so... if i have /usr, /var, / and /boot on separate partitions, and move
 files around, is the selinux context lost or kept?

> >  2) the linux kernel could be "prepped" by the functions in libselinux
> >      such that the correct file contexts be applied at move time (i think!)
> 
> No kernel changes.
 
 [i mean by using libselinux1 in standard way]

> >  well, under most circumstances, i believe that can be catered for
> >  (with /etc/init.d/xfs creating /tmp/.font-unix being a notable
> >   exception).
> 
> test -s /sbin/restorecon && /sbin/restorecon /tmp/.font-unix

 (in /etc/init.d/xfs i've used if [ -x /sbin/restorecon ]; then /sbin....
  but hey it's all the same)

  l.
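
The two cases discussed in this message, as an added example that is not part of the original post or of dpkg's code: a move within one file system is a rename and keeps the file's label, while a move across file systems creates a new file that is relabelled here with the same `restorecon` guard quoted above. The helper names `move_kind` and `place_file` are hypothetical, and `stat -c %d` assumes GNU or BusyBox stat.

```shell
#!/bin/sh
# Added example; move_kind and place_file are hypothetical helper names.
# Assumes GNU or BusyBox stat (for `stat -c %d`, the device number).

# Print "rename" if SRC and the directory of DEST are on the same file
# system (same st_dev), otherwise print "copy".
move_kind() {
    src_dev=$(stat -c %d -- "$1") || return 1
    dst_dev=$(stat -c %d -- "$(dirname -- "$2")") || return 1
    if [ "$src_dev" = "$dst_dev" ]; then echo rename; else echo copy; fi
}

# Move SRC to DEST and print which path was taken.
place_file() {
    kind=$(move_kind "$1" "$2") || return 1
    case $kind in
    rename)
        # Same file system: rename(2) keeps the inode, and with it the
        # security.selinux extended attribute that holds the context.
        mv -f -- "$1" "$2" || return 1
        ;;
    copy)
        # Different file system: the data lands in a new inode. Copy it
        # next to DEST first, then rename into place so DEST is never
        # half-written, and only then relabel from the policy.
        tmp=$(mktemp "$(dirname -- "$2")/.place.XXXXXX") || return 1
        if cp -p -- "$1" "$tmp" && mv -f -- "$tmp" "$2"; then
            rm -f -- "$1"
        else
            rm -f -- "$tmp"
            return 1
        fi
        # Same guard as in the message: relabel only if restorecon exists.
        if [ -x /sbin/restorecon ]; then /sbin/restorecon "$2"; fi
        ;;
    esac
    echo "$kind"
}
```

`restorecon` is run on the final path rather than the temporary one because the policy's file contexts are matched by path name.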


