Re: Draft spec for new dpkg "triggers" feature
Russell Coker writes ("Re: Draft spec for new dpkg "triggers" feature"):
> Manoj's recent work on SE Linux policy has the package examine the
> system to determine which packages are installed and to then load
> the matching SE Linux policy modules. This works OK on an initial
> install as a complete relabel is performed after installing the
> policy.
>
> But for a running SE Linux system when a new package is installed we
> need the policy loaded first.

This kind of baroque thing is why SE Linux is a bad idea.

> This means that we need a trigger for new package selection and the trigger
> has to be completed before any of the packages are installed.

My proposed dpkg triggers mechanism is not suitable for this. It's
designed to _defer_ processing, not to expedite it. It's not a
general purpose hook feature, and I don't think it would be sensible
to try to make it into one.

If you want a general purpose hook, or some crazy SE-Linux-specific
feature, then you should probably propose one. Personally I think a
general purpose hook feature would probably be abused so should not be
provided, and I think SE-Linux is no more than an interesting research
project and should not be deployed (ever) so obviously we shouldn't
have any code in dpkg for it.

Ian.