On Mon, 11 Apr 2005 22:16:05 -0400, Daniel J Walsh wrote: > I means that acroread was not able to execute a shared library, because > it was labeled incorrectly. If you could get autopackage to > automatically call restorecon on all libraries as they get installed. A > better way of going would be to make it SELinux aware. The install > command and rpm have the restorecon capability built into them, so the > file can get created with the correct context. Yep, we have SELinux awareness on the TODO list. Right now I'm thinking of something that could go into a bugfix release (so minimal impact). The install program is a part of coreutils, so the best solution is probably to use that for now. Then we can have explicit labelling later. One question: autopackage knows about the types of files (eg, executable, shared library, man pages, info pages etc) - does it make sense to automatically assign contexts based on that? If you do a "make install prefix=/tmp/foo", do the files in /tmp/foo get given the right contexts by the install program automatically? If so then I guess just ensuring the contexts survive the packaging process would be enough, rather than relabelling on the end users system. The other concern I have is whether distributions policies will be compatible enough, eg if one distro calls it shlib_t and another calls it elfdso_t. It doesn't seem to be a problem right now, but in future ... thanks -mike -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-selinux-list
