[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Triggers status?

On Tue, 9 Oct 2007 19:02:38 +0100, Ian Jackson <ian@davenant.greenend.org.uk> said: 

> Manoj Srivastava writes ("Re: Triggers status?"):
>> I also would love to have a pre-install trigger (which I think is not
>> present in the current patch; I'll be working on that) to ensure that
>> a SELinux policy for a package is loaded before the package in
>> unpacked; so that dpkg would be aware of initial security contects
>> for files and directories before we unpack a package for the first
>> time.

> This is (a) a bad idea as previously discussed

        Well, no. You think it is a bad idea; I do not think that makes
 it so.

> and (b) not at all like what is now called a "trigger" so please call
> it something different.

	Well, when one or more packages are going to be installed a
 <<not trigger but something that walks like a trigger, sounds like a
    trigger>> goes off, and calls a utility function with the names of
 the packages going to be installed (so, goes off in the pre-install
 phase), and this utility function ensure that the security policy is in
 place before the packages get unpacked.

        I don't care what this is called; as long as it gets
 invoked. I'll be happy to call it a pre-install hook.

Every solution breeds new problems.
Manoj Srivastava <srivasta@acm.org> <http://www.golden-gryphon.com/>
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C

Reply to: