Bug#685992: /usr/sbin/update-flashplugin-nonfree: Please restore selinux context after installing files

["Adam D. Barratt" <adam@adam-barratt.org.uk>]

On Thu, 2013-10-10 at 12:13 +0200, Dominick Grift wrote:
> Let's not compare init scripts with dpkg scripts.
> 
> The issue at hand here is that dpkg, and dpkg scripts do not install
>files with the correct context.

So far as I can tell, that's very much _not_ the issue at hand. This bug
is precisely about files created outside of the packaging system, not by
it.

init scripts are a common creator of such files (e.g. state in /run) but
scripts downloading files from external locations are another; for
example, see the bug marked as being blocked by this one.

On a related note, "dpkg script" is not a term generally used within
Debian. Are you referring to what we'd call maintainer scripts?
(Pre/post removal/installation scripts.)

> As a Fedora user, i am not very familiar with dpkg,

That much is clear. :-)

> but i can tell you
> that rpm, and the rpm script mechanism are SELinux aware.

A quick grep of dpkg's source code will demonstrate that this is also
the case for dpkg.

A small bit of archaeology leads to

2005-06-11  Manoj Srivastava  <srivasta@debian.org>

        * lib/star.c (ExtractFile, SetModes): If dpkg is compiled with
        SELinux, test once whether SELinux is enabled on the system.  If it
        is enabled, find out the security context of the file from its path
        and either set what we think it should be or let the default security
        context for the process be applied.

Regards,

Adam