On Thu, 2004-12-30 at 21:05 +0000, Mike Hearn wrote:
> Hi,
>
> I have a couple of questions. The first is that in the FC3 targeted
> policy, it appears that ldconfig cannot write to user_home_t directories.
> Why is this? It appears to be a restriction with no purpose, and some
> programs rely on this to work. In fact I see from the archives that
> ldconfig not being able to write or search certain directories has come up
> before.

Can you explain why you have ldconfig writing to a home directory? Are
you doing the equivalent of "ldconfig > ~/install.log"?

> The second question is what impact SELinux will have on third party
> installers. It seems from the nVidia thread that currently if you copy
> files onto the system using "cp", this is the wrong way to do it and it
> will break people's SELinux setups. This surely cannot be correct: that'd
> break pretty much every third party installer (eg Loki Setup,
> etc) out there!

My hope was that by modifying "install", we'd minimize the breakage. At
least all of the Automake-generated packages should work.

I had a quick look at two other ISV installers; HelixPlayer and Mozilla.
It appears neither uses "install", they both do the equivalent of cp.

The route we may need to go down is having a relabeling daemon that
monitors /usr/lib/, /usr/local/lib, etc. and fixes file contexts.