
Re: Triggers status?



On Wed, Oct 10, 2007 at 12:44:07AM -0500, Manoj Srivastava wrote:
> > Manoj Srivastava writes ("Re: Triggers status?"):
> >> I also would love to have a pre-install trigger [...] to ensure that
> >> a SELinux policy for a package is loaded before the package is
> >> unpacked; 
> 	Well, when one or more packages are going to be installed a
>  <<not trigger but something that walks like a trigger, sounds like a
>     trigger>> goes off, 

So, afaics, Ian's triggers provide fairly weak ordering by time -- they'll
delay marking a package as installed a little bit, and consequent postinst
runs, but that's it. Delaying the unpack phase is a bigger step.

The above also seems different in that triggers are mostly about
aggregating similar tasks (update-menus for foo, update-menus for bar)
so they can all be run at once, substantially quicker. That doesn't seem
to be the case for SELinux policies either, which I presume would get
lost in the noise of unpacking anyway.

>  I'll be happy to call it a pre-install hook.

That sounds sensible. 

I wonder if it'd be possible to set up an SELinux policy so that dpkg is
only able to unpack files that are already known about by SELinux -- at
least that way you'd get an error on unpack, with dpkg's usual bail-out
attempts, rather than a possible hole introduced into your system.

Cheers,
aj
