On Mon, 2 Jul 2012, Scott Kitterman <[email protected]> wrote: > ... > > > + [ -x /sbin/restorecon ] && /sbin/restorecon "$RUNDIR" > > ... > Lintian whines about use of the full path here. Should this be ignored > because we always want to use the system provide binary and not allow > administrators to install their own?
I can't think of any possible reason for the administrator to install their own. They can change the context given to the directory by changing the policy. In the unlikely event that someone releases a MAC system for Linux which uses path based labelling in competition to SE Linux then I would prefer to have /sbin/restorecon be a wrapper which determines which MAC system is in use and then runs /sbin/restorecon.selinux or whatever. > Also, if you want this in for Wheezy, I don't mind uploading it if you get > the approval from the release team. I just uploaded a policy package with significant changes shortly before the freeze. I don't expect to get a new policy package in Wheezy with support for opendkim, so Wheezy users will have more difficult problems than editing an init.d file if they want to run OpenDKIM in a confined domain. I would like to get policy support for OpenDKIM in the first update to Wheezy. It might be easier for you to save this change in case you have other changes that also need to go in the Wheezy update. But if you just want to get it done and forget about it then I'll ask the release team. -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/ -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
