Stephen Smalley wrote:
On Fri, 2004-06-25 at 12:34, Gary Peck wrote:Any chance the so files are getting created in a post install script? rpm should be working the same as restorecon and setfiles.
Looks like a similar bug might be present in rpm, or at least the end result is similar. Whenever I install new RPM's from Rawhide, *.so* files get installed with object_r:lib_t context. If I run "/sbin/fixfiles restore" right afterward, they get relabeled back to object_r:shlib_t. Either rpm has an old policy version on the Rawhide build machines, or it's not labeling files correctly.
Also, the dev package in Rawhide comes with all files labeled as object_r:device_t. After running fixfiles, some of those get relabeled to the correct object_r:fixed_disk_device_t, object_r:tty_device_t, object_r:sound_device_t, etc. dev should have the correct contexts to begin with. Various files in /usr/sbin also don't have the correct contexts as shipped in the RPM's.
This is all with selinux-policy-targeted-1.13.8-1,
policycoreutils-1.13.3-2, and rpm-4.3.2-0.4.
I don't believe that rpm is computing file contexts at package build time anymore, since there are multiple policies (strict and targeted) now. It should instead compute the file contexts when unpacking the package based on your local file_contexts configuration, whose path is obtained from /usr/lib/rpm/macros using /etc/selinux/config to determine the active policy. It seems to be working for me.
Dan
