Russell Coker wrote:
On Sat, 9 Oct 2004 02:14, Stephen Smalley <sds@xxxxxxxxxxxxxx> wrote:
/etc/ld.so.cache is supposed to be labeled ld_so_cache_t.
ldconfig is being executed directly from rpm not via "sh -c ldconfig". This means that it doesn't transition to ldconfig_t.
Jeff, please change rpm to use "sh -c" for spawning all scripts including ldconfig and /usr/sbin/glibc_post_upgrade. Should I file a bugzilla against rpm?
I would if it would "work".
This was my reasoning originally for limiting "rpm_script_t" to /bin/sh execution, rather than
applying in general.
As long as glibc_post_upgrade is a static binary that attempts sshd restart, policy
will be a bit more complex than otherwise. The restart of sshd is necessary
iff there is an incompatibility in one of the name service modules, a fairly
rare event.
Making glibc_post_upgrade actions a bit easier to see and change is needed imho.
I'd suggest using the embedded lua now in rpm rather than a statically linked
helper. But that is probably a different problem than /etc/ld.so.cache mentioned here.
Current behavior is to set "rpm_script_t" for all package interpreters rather than
just /bin/sh.
What change(s) do you wish?
73 de Jeff