Re: [apt-rpm] apt and selinux (was: Re: restorecon vs. setfiles)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 2004-06-29 at 01:32, Gary Peck wrote:
> On Mon, Jun 28, 2004 at 02:53:52PM -0400, Stephen Smalley wrote:
> > On Mon, 2004-06-28 at 09:11, Panu Matilainen wrote:
> > > I wouldn't call it an apt-problem, you just need to put it into same 
> > > context as rpm. This should already be the case on Fedora Core 2, dunno 
> > > about upstream selinux policy packages - this is from stock FC2 
> > > /etc/security/selinux/src/policy/file_contexts/program/rpm.fc:
> > > /usr/bin/apt-get        --      system_u:object_r:rpm_exec_t
> > > /usr/bin/apt-shell      --      system_u:object_r:rpm_exec_t
> > > /usr/bin/synaptic   --          system_u:object_r:rpm_exec_t
> 
> The context is not the problem. I'm running the targeted policy from
> FCdev, which makes both /bin/rpm and /usr/bin/apt*
> system_u:object_r:bin_t. rpm works fine, however, whereas apt-get does
> not.
> 
> > It isn't just a policy issue; rpm had to be modified for SELinux to
> > set file security contexts when creating files.  Those changes are in
> > the upstream rpm, and yum seems to work as expected when updating.
> 
> I believe apt needs similar modifications. The attached patch to apt
> fixes the problem for me. I'm not too familiar with rpm, apt, or selinux
> internals, so this patch might need some work.  I just took the code
> from rpm's lib/rpminstall.c/rpmInstall() function which seemed to be
> missing in apt's apt-pkg/rpm/rpmpm.cc/pkgRPMLibPM::Process() function.

Had a closer look and the patch indeed seems correct: applied, thanks!

	- Panu -


[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux