On Tue, 2004-06-29 at 01:32, Gary Peck wrote:
> On Mon, Jun 28, 2004 at 02:53:52PM -0400, Stephen Smalley wrote:
> > On Mon, 2004-06-28 at 09:11, Panu Matilainen wrote:
> > > I wouldn't call it an apt-problem, you just need to put it into same
> > > context as rpm. This should already be the case on Fedora Core 2, dunno
> > > about upstream selinux policy packages - this is from stock FC2
> > > /etc/security/selinux/src/policy/file_contexts/program/rpm.fc:
> > > /usr/bin/apt-get -- system_u:object_r:rpm_exec_t
> > > /usr/bin/apt-shell -- system_u:object_r:rpm_exec_t
> > > /usr/bin/synaptic -- system_u:object_r:rpm_exec_t
>
> The context is not the problem. I'm running the targeted policy from
> FCdev, which makes both /bin/rpm and /usr/bin/apt*
> system_u:object_r:bin_t. rpm works fine, however, whereas apt-get does
> not.
>
> > It isn't just a policy issue; rpm had to be modified for SELinux to
> > set file security contexts when creating files. Those changes are in
> > the upstream rpm, and yum seems to work as expected when updating.
>
> I believe apt needs similar modifications. The attached patch to apt
> fixes the problem for me. I'm not too familiar with rpm, apt, or selinux
> internals, so this patch might need some work. I just took the code
> from rpm's lib/rpminstall.c/rpmInstall() function which seemed to be
> missing in apt's apt-pkg/rpm/rpmpm.cc/pkgRPMLibPM::Process() function.

Had a closer look and the patch indeed seems correct: applied, thanks!

- Panu -