Re: dpkg triggers
On Fri, 29 Mar 2002 00:33, Brian May wrote:
> > What I want to do is relabel files with the SE Linux context after each
> > package is installed.
>
> Ok. Sounds good.
>
> I guess this is a tradeoff from putting the relabel commands directly
> into each package
Putting relabel commands into every package is impossible. It doesn't make
sense to change 8000 packages when you can change 1.
> (which would become tedious as more security systems,
> eg ACLs, come into place). Plus, I doubt that every maintainer will want
> to support SE-Linux...
Yes, there are many other ways of labelling files.
Getting support in the base packages cron, ssh, login, and logrotate is hard
enough.
> Instead you would need some sort of database that the trigger scripts
> can access, to know how to relabel each file for each version of each
> package.
No! All we need is to have a script run as part of the installation phase.
With my current hack to dpkg I have run-parts used to run scripts
before/after the {pre,post}{inst,rm} scripts.
> Maybe this database could contain policy files needed for each package
> too.
No database. Just actions to be performed before/after package installation.
Also it has just occurred to me that there are 8 times at which you may want
to run such trigger scripts, before and after each of the {pre,post}{inst,rm}
scripts.
--
If you send email to me or to a mailing list that I use which has >4 lines
of legalistic junk at the end then you are specifically authorizing me to do
whatever I wish with the message and all other messages from your domain, by
posting the message you agree that your long legalistic sig is void.
--
To UNSUBSCRIBE, email to debian-dpkg-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: