Lars Wirzenius wrote:

This can be done with SELinux as well; the maintainer scripts can be labeled and dpkg will run them in the desired context.

* default: install files in /usr only
* kernel: install files in /boot, trigger initramfs
* core: can install files anywhere, trigger anything
* maintained-by-liw: full power to do anything

This might be implemented in various ways. For example, dpkg could create a temporary directory, and bind mount the directories the profile indicates are needed into a temporary shadow of the full system. Maintainer scripts would be run in the shadow environment. Thus, if they try to do something that isn't allowed by the package's profile, they can't.
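An added example of the bind-mounted "shadow" idea sketched above; it is not code from the thread, from Lars Wirzenius or from dpkg. The profile names follow the list in the message, but the directory set granted to each profile, the function names (profile_dirs, shadow_run) and the return codes are assumptions made for illustration. The shadow is built as a read-only bind of the whole tree with only the profile's directories re-bound writable, so a script that writes outside its profile gets EROFS instead of silently succeeding.

```shell
#!/bin/sh
# Added example, not code from the thread or from dpkg: run a maintainer
# script inside a bind-mounted "shadow" of the system that exposes only the
# directories the package's profile allows. Profile names follow the thread;
# the per-profile directory sets and all function names are assumptions.
# Actually running a script needs util-linux `unshare` with unprivileged
# user namespaces enabled (or root); the planning helper needs nothing.

# Directories a profile may write to, one per line. Unknown profiles fail
# (exit 1) so a typo cannot silently grant access. "core" gets the whole
# tree writable; "maintained-by-liw" prints nothing and is run unconfined.
profile_dirs() {
    case "$1" in
        default)           printf '%s\n' /usr ;;
        kernel)            printf '%s\n' /usr /boot ;;
        core)              printf '%s\n' / ;;
        maintained-by-liw) : ;;
        *)                 return 1 ;;
    esac
}

# Run the shell script SCRIPT under PROFILE. Return codes (assumed):
# 2 unknown profile, 3 script missing, otherwise the script's own status.
shadow_run() {
    profile=$1
    script=$2
    dirs=$(profile_dirs "$profile") || { echo "unknown profile: $profile" >&2; return 2; }
    [ -f "$script" ] || { echo "no such script: $script" >&2; return 3; }
    # Absolute path: the same path is valid inside the shadow, because the
    # whole tree is bound there.
    script=$(cd "$(dirname "$script")" && pwd)/$(basename "$script")
    if [ "$profile" = maintained-by-liw ]; then
        sh "$script"        # full power: no shadow at all
        return
    fi
    shadow=$(mktemp -d) || return 1
    # New user+mount namespace: the mounts are private to this process tree
    # and vanish with it. Inside, bind the whole system read-only, then
    # re-bind only the allowed directories writable, and chroot into it.
    unshare -Urm sh -s "$shadow" "$script" $dirs <<'INNER'
shadow=$1; script=$2; shift 2
mount --bind / "$shadow" || exit 1
mount -o remount,bind,ro "$shadow" || exit 1
for d in "$@"; do
    mount --bind "$d" "$shadow$d" || exit 1
done
exec chroot "$shadow" /bin/sh "$script"
INNER
    rc=$?
    rmdir "$shadow" 2>/dev/null
    return $rc
}
```

`shadow_run kernel ./postinst` runs ./postinst with /usr and /boot writable and everything else read-only; a `cp` into /etc fails with "Read-only file system". Triggers (the initramfs rebuild named in the kernel profile) are not modelled, and an unprivileged user namespace may refuse the read-only remount when the underlying mount has locked flags (nosuid, nodev); run as root in that case.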