On Fri, 29 Mar 2002 13:29, Wichert Akkerman wrote: > > If the postinst gives an error then my script must still be run (doing > > otherwise may leave the system in a state where it's impossible to > > login). > > That's positively nasty, it means you end up with continuing while we > know we are in an error state.
No, it means having an error recovery proceedure. Running the trigger script with a parameter indicating that it's being run in an error-cleanup condition should not cause any problems. As for being nasty, /bin/login must have the sid system_u:object_r:login_exec_t to indicate that it gets special privs (setuid, setgid, etc). This sid must be applied to the inode after the new file is installed. > > If my script was to return an error then I think that dpkg should > > consider it to be the same as if the postinst had returned an error and > > leave the package unconfigured. > > Absolutely not, a failed trigger is a completely seperate thing from a > failed postinst. It is a different package for one thing. OK. It doesn't bother me anyway, my trigger has no need to return an error condition (if something goes wrong it probably indicates a much more serious problem). > I'm starting to dislike the whole SELinux thing more and more, I suspect > this can be done a lot simpler with a different approach. Well I'm sure that the NSA people will be interested in hearing any suggestions, but they aren't really concerned about packaging issues. The NSA documents on installation are based around the idea of installing all software, labelling the files with the correct SID, then rebooting. We could follow the NSA proceedures and require a reboot after every package installation... -- If you send email to me or to a mailing list that I use which has >4 lines of legalistic junk at the end then you are specifically authorizing me to do whatever I wish with the message and all other messages from your domain, by posting the message you agree that your long legalistic sig is void. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
