
Re: Fwd: dpkg triggers



On Fri, 29 Mar 2002 13:29, Wichert Akkerman wrote:
> > If the postinst gives an error then my script must still be run (doing
> > otherwise may leave the system in a state where it's impossible to
> > login).
>
> That's positively nasty, it means you end up with continuing while we
> know we are in an error state.

No, it means having an error recovery procedure.  Running the trigger script 
with a parameter indicating that it's being run in an error-cleanup condition 
should not cause any problems.

As for being nasty, /bin/login must have the sid 
system_u:object_r:login_exec_t to indicate that it gets special privs 
(setuid, setgid, etc).  This sid must be applied to the inode after the new 
file is installed.

> > If my script was to return an error then I think that dpkg should
> > consider it to be the same as if the postinst had returned an error and
> > leave the package unconfigured.
>
> Absolutely not, a failed trigger is a completely separate thing from a
> failed postinst. It is a different package for one thing.

OK.  It doesn't bother me anyway, my trigger has no need to return an error 
condition (if something goes wrong it probably indicates a much more serious 
problem).

> I'm starting to dislike the whole SELinux thing more and more, I suspect
> this can be done a lot simpler with a different approach.

Well I'm sure that the NSA people will be interested in hearing any 
suggestions, but they aren't really concerned about packaging issues.

The NSA documents on installation are based around the idea of installing all 
software, labelling the files with the correct SID, then rebooting.  We could 
follow the NSA procedures and require a reboot after every package 
installation...

-- 
If you send email to me or to a mailing list that I use which has >4 lines
of legalistic junk at the end then you are specifically authorizing me to do
whatever I wish with the message and all other messages from your domain, by
posting the message you agree that your long legalistic sig is void.

