On Tue, Sep 07, 2004 at 10:20:53PM +1000, Russell Coker wrote:

> > > Vaguely, files are unpacked in a temporary place then moved into the
> > > right place (inside process_archive).
> >
> > okay, then that means that:
> >
> > 1b) the move needs to be handled carefully to ensure that the
> > selinux permissions are preserved
>
> This is already catered for. The only move which could lose the SE Linux
> context is one that crosses file systems. This doesn't work for package
> installation anyway (imagine if /bin/bash or /usr/bin/perl was being replaced
> and half way through copying over the new file there was a power failure).

so... if i have /usr, /var, / and /boot on separate partitions,
and move files around, is the selinux context lost or kept?

> > 2) the linux kernel could be "prepped" by the functions in libselinux
> > such that the correct file contexts be applied at move time (i think!)
>
> No kernel changes.

[i mean by using libselinux1 in standard way]

> > well, under most circumstances, i believe that can be catered for
> > (with /etc/init.d/xfs creating /tmp/.font-unix being a notable
> > exception).
>
> test -s /sbin/restorecon && /sbin/restorecon /tmp/.font-unix

(in /etc/init.d/xfs i've used if [ -x /sbin/restorecon ]; then /sbin....
but hey it's all the same)

l.
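Added example, not part of the original message or of dpkg: a shell sketch of the distinction discussed above, where a move inside one filesystem is a plain rename and a move across filesystems is the case the thread says could lose the SE Linux context. The function names are hypothetical, `stat -c %d` assumes GNU or busybox stat, and the `/sbin/restorecon` guard is the one quoted in the thread.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from dpkg or libselinux.

# Print the device number of the filesystem holding $1
# (assumes GNU or busybox stat, which accept -c %d).
fs_dev() {
    stat -c %d -- "$1"
}

# Return 0 when $1 and the directory that will hold $2 are on the same
# filesystem, 1 when they are not, 2 when either cannot be examined.
same_filesystem() {
    src_dev=$(fs_dev "$1") || return 2
    dst_dev=$(fs_dev "$(dirname -- "$2")") || return 2
    [ "$src_dev" = "$dst_dev" ]
}

# Move the file $1 to $2 and print which path was taken:
#   rename           same filesystem, the inode and its label are untouched
#   copy+restorecon  crossed filesystems, label reset from the policy default
#   copy             crossed filesystems, restorecon not installed
move_with_context() {
    src=$1
    dst=$2
    rc=0
    same_filesystem "$src" "$dst" || rc=$?
    case $rc in
        0)
            mv -- "$src" "$dst" && echo "rename"
            ;;
        1)
            # mv falls back to copy + unlink here, so the destination is a
            # new inode; relabel it only if restorecon exists, as in the
            # /etc/init.d/xfs guard quoted in the thread.
            mv -- "$src" "$dst" || return 1
            if [ -x /sbin/restorecon ]; then
                /sbin/restorecon "$dst" && echo "copy+restorecon"
            else
                echo "copy"
            fi
            ;;
        *)
            return 2
            ;;
    esac
}
```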

