Re: dpkg and selinux
On Tue, Sep 07, 2004 at 10:20:53PM +1000, Russell Coker wrote:
> > > Vaguely, files are unpacked in a temporary place then moved into the
> > > right place (inside process_archive).
> >
> > okay, then that means that:
> >
> > 1b) the move needs to be handled carefully to ensure that the
> > selinux permissions are preserved
>
> This is already catered for. The only move which could lose the SE Linux
> context is one that crosses file systems. This doesn't work for package
> installation anyway (imagine if /bin/bash or /usr/bin/perl was being replaced
> and half way through copying over the new file there was a power failure).

so... if i have /usr, /var, / and /boot on separate partitions, and move
files around, is the selinux context lost or kept?

> > 2) the linux kernel could be "prepped" by the functions in libselinux
> > such that the correct file contexts be applied at move time (i think!)
>
> No kernel changes.

[i mean by using libselinux1 in the standard way]

> > well, under most circumstances, i believe that can be catered for
> > (with /etc/init.d/xfs creating /tmp/.font-unix being a notable
> > exception).
>
> test -s /sbin/restorecon && /sbin/restorecon /tmp/.font-unix

(in /etc/init.d/xfs i've used if [ -x /sbin/restorecon ]; then /sbin....
but hey it's all the same)

l.
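
The point quoted above about moves that cross file systems, as an added example that is not part of the original thread and is not dpkg's code: a rename within one file system keeps the inode, so the label stored on it travels with the file, while a cross-file-system move is a copy to a new inode. The function names `same_fs` and `place_file` are hypothetical; GNU `stat -c` is assumed, and `/sbin/restorecon` is used only if present.

```shell
# Added example, not from the thread. same_fs and place_file are
# hypothetical names. Assumes GNU stat (-c).

# Succeeds when both paths are on the same file system (same device number).
same_fs() {
    [ "$(stat -c %d "$1")" = "$(stat -c %d "$2")" ]
}

# Put file $1 in place as $2 so that the final step is always a rename
# inside the destination file system.
place_file() {
    src=$1
    dst=$2
    dstdir=$(dirname "$dst")
    if same_fs "$src" "$dstdir"; then
        # Same file system: mv is a plain rename, the inode (and the
        # security.selinux attribute stored on it) is unchanged.
        mv -f "$src" "$dst" || return 1
    else
        # Different file system: stage a copy next to the destination
        # first, so a crash never leaves a half-written $dst.
        staged=$(mktemp "$dstdir/.staged.XXXXXX") || return 1
        cp -p "$src" "$staged" || { rm -f "$staged"; return 1; }
        mv -f "$staged" "$dst" || { rm -f "$staged"; return 1; }
        rm -f "$src"
    fi
    # The copy path created a new inode, so reset the label from policy;
    # harmless on the rename path. Same guard style as in the thread.
    if [ -x /sbin/restorecon ]; then
        /sbin/restorecon "$dst" || echo "restorecon failed for $dst" >&2
    fi
    return 0
}
```
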