On Thu, Nov 8, 2012 at 3:26 AM, Guillem Jover <[email protected]> wrote: > Hi! > > I've had on my TODO for some time to clear out some doubts about the > current dpkg SELinux support (which preceded my time), to be able to > fix some possible issues with it, and because I've never actually used > a SELinux enabled system and my knowledge about it is mostly > superficial. So here goes: > > An error from the lsetfilecon_raw() call in [0] does not currently > end up in the installation process aborting (just an error message > printed out), I think this is wrong as I noted with the XXX there, > but I'd like your input on this, in case it actually needs to proceed > anyway. Otherwise I'd guess at least ENOTSUP should be ignored. > > [0] > <http://anonscm.debian.org/gitweb/?p=dpkg/dpkg.git;a=blob;f=src/archives.c;h=4e363474607bd916813ce772b1e5c4c7359a76fc;hb=HEAD#l479> > > And when invoking package maintainer scripts, dpkg does not set a > new execution context, like rpm does with rpm_execcon(), and while > skimming over the SELinux policy related to dpkg it seemed like > dpkg would need to do so. > > I'd be fixing those, if needed, for dpkg 1.17.x.
Agree that lsetfilecon failure other than EOPNOTSUPP should abort package installation if SELinux is enabled. Note that matchpathcon and friends are deprecated interfaces; consider converting to selabel_open and friends instead, as has already been done in rpm. Some mechanism to allow package scriptlets to run in a different context than the package manager would be helpful, but rpm_execcon() may not be a very good example. The Tizen folks have been working on a more general architecture for rpm security plugins that may be relevant/helpful as a guide, see prior discussions on selinux list and rpm-maint. -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/cab9w1a3cvvsj-pbm73c+vepht7fvgf8117oxmtrdpf0k0vy...@mail.gmail.com
