On Sat, 2008-03-01 at 14:54 +0000, Martin Orr wrote:
> On 29/02/08 16:32, Christopher J. PeBenito wrote:
> > On Fri, 2008-02-29 at 15:29 +0000, Martin Orr wrote:
> >> The attached patch is what I am using to deal with this. (I'm not sure if
> >> it should be apt_dontaudit_use_fds(ldconfig_t) or apt_use_fds(ldconfig_t)
> >> but dontaudit is what the Debian policy package uses.)
> >
> > You probably want to allow it otherwise ldconfig won't inherit the fds
> > that point to the apt pty. By denying the inheritance on an enforcing
> > system, fd 0,1,2 will be closed and reopened to /dev/null, so you lose
> > any ldconfig output.
>
> Here's an updated patch, with apt_use_fds(ldconfig_t). This also lets
> dpkg_t and dpkg_script_t use initrc ptys, so that se_dpkg works.

Merged.

> @@ -1,5 +1,5 @@
>
> -policy_module(apt,1.3.0)
> +policy_module(apt,1.3.1)
>

In the future please don't submit patches with module version changes.
It may change between the time you make the patch, and the time I apply
it, which may cause patches not to apply.

--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
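
An added diagnostic, not part of this thread or of the policy being patched: a small C check for the symptom described above, where fds 0, 1 and 2 end up pointing at the null device after inheritance is denied. It assumes /dev/null exists and compares device numbers; the function names and the optional report-file argument are hypothetical.

```c
#include <stdio.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns 1 if fd is the same character device as /dev/null,
 * 0 if it is open but refers to something else,
 * -1 if fd is closed or the comparison cannot be made. */
int fd_is_null_device(int fd)
{
    struct stat fd_st, null_st;

    if (fstat(fd, &fd_st) != 0)
        return -1;
    if (stat("/dev/null", &null_st) != 0)
        return -1;
    return S_ISCHR(fd_st.st_mode) && fd_st.st_rdev == null_st.st_rdev;
}

/* Counts how many of stdin/stdout/stderr currently are the null device. */
int count_nulled_stdio(void)
{
    int fd, n = 0;

    for (fd = 0; fd <= 2; fd++)
        if (fd_is_null_device(fd) == 1)
            n++;
    return n;
}

int main(int argc, char **argv)
{
    static const char *names[] = { "stdin", "stdout", "stderr" };
    /* stdout may itself be the null device, so allow a report file. */
    FILE *out = argc > 1 ? fopen(argv[1], "a") : stdout;
    int fd;

    if (out == NULL)
        return 2;
    for (fd = 0; fd <= 2; fd++) {
        int r = fd_is_null_device(fd);
        fprintf(out, "%s (fd %d): %s\n", names[fd], fd,
                r == 1 ? "null device" : r == 0 ? "not the null device" : "closed");
    }
    return count_nulled_stdio() > 0;
}
```

Run from the confined program's context with a writable report path as the first argument; a non-zero exit of 1 means at least one standard descriptor is the null device.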