Re: [SE/Linux] status / progress report 13jun2004
On Mon, 14 Jun 2004 21:10, Scott James Remnant <firstname.lastname@example.org> wrote:
> > > I would suggest that. SE Linux is an exception in that it needs to
> > > update file system attributes for /any/ installed package. Creating too
> > > generic solutions to such highly exceptional situations seems overly
> > > broad to me.
> > Your suggestion makes sense to me.
> That would be the suggestion that has utterly failed to be elaborated,
> What is "the way that rpm has been [patched]" ?
The /bin/rpm binary is linked against libselinux.so and has code to assign the
correct security context to each file at creation time. Doing for dpkg what
has been done for rpm means putting in SE Linux specific code for file
labelling which is not generic, and won't work for other security systems.
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page