
Re: Draft spec for new dpkg "triggers" feature



Russell Coker writes ("Re: Draft spec for new dpkg "triggers" feature"):
> Manoj's recent work on SE Linux policy has the package examine the
> system to determine which packages are installed and to then load
> the matching SE Linux policy modules.  This works OK on an initial
> install as a complete relabel is performed after installing the
> policy.
> 
> But for a running SE Linux system when a new package is installed we
> need the policy loaded first.

This kind of baroque thing is why SE Linux is a bad idea.

> This means that we need a trigger for new package selection and the trigger 
> has to be completed before any of the packages are installed.

My proposed dpkg triggers mechanism is not suitable for this.  It's
designed to _defer_ processing, not to expedite it.  It's not a
general purpose hook feature, and I don't think it would be sensible
to try to make it into one.

If you want a general purpose hook, or some crazy SE-Linux-specific
feature, then you should probably propose one.  Personally I think a
general purpose hook feature would probably be abused so should not be
provided, and I think SE-Linux is no more than an interesting research
project and should not be deployed (ever) so obviously we shouldn't
have any code in dpkg for it.

Ian.


