On Wed, Oct 10, 2007 at 12:44:07AM -0500, Manoj Srivastava wrote:
> > Manoj Srivastava writes ("Re: Triggers status?"):
> >> I also would love to have a pre-install trigger [...] to ensure that
> >> a SELinux policy for a package is loaded before the package is
> >> unpacked;
> Well, when one or more packages are going to be installed a
> <<not trigger but something that walks like a trigger, sounds like a
> trigger>> goes off,

So, afaics, Ian's triggers provide fairly weak ordering by time --
they'll delay marking a package as installed a little bit, and
consequent postinst runs, but that's it. Delaying the unpack phase is
a bigger step.

The above also seems different in that triggers are mostly about
aggregating similar tasks (update-menus for foo, update-menus for bar)
so they can all be run at once, substantially quicker. That doesn't
seem to be the case for SELinux policies either, which I presume would
get lost in the noise of unpacking anyway.

> I'll be happy to call it a pre-install hook.

That sounds sensible.

I wonder if it'd be possible to set up an SELinux policy so that dpkg is
only able to unpack files that are already known about by SELinux -- at
least that way you'd get an error on unpack, with dpkg's usual bail-out
attempts, rather than a possible hole introduced into your system.

Cheers,
aj