[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: Dependency hell

From: Panu Matilainen <pmatilai welho com>
To: Development discussions related to Fedora Core <fedora-devel-list redhat com>
Subject: Re: Dependency hell
Date: Mon, 05 Apr 2004 22:43:22 +0300

On Sat, 2004-04-03 at 06:09, Warren Togami wrote:

> 2) apt-get upgrade (but not dist-upgrade) avoids the missing pieces 
> automatically.  All the way through FC2 test1 to current rawhide it has 
> worked for me in not leaving a broken system.  The current selinux 
> policy problem needs to be solved though.  Panu have you communicated 
> with the selinux people about this?

The quick and dirty fix is to put apt-get, apt-shell and synaptic into
rpm_exec_t file context, eg apply this patch to the policy-sources and
relabel:

--- rpm.fc.orig	2004-04-05 22:28:45.000000000 +0300
+++ rpm.fc	2004-04-05 22:29:09.000000000 +0300
@@ -3,6 +3,9 @@
 /var/lib(64)?/alternatives(/.*)?	system_u:object_r:rpm_var_lib_t
 /bin/rpm 		--	system_u:object_r:rpm_exec_t
 /usr/bin/yum 		--	system_u:object_r:rpm_exec_t
+/usr/bin/apt-get	--	system_u:object_r:rpm_exec_t
+/usr/bin/apt-shell	--	system_u:object_r:rpm_exec_t
+/usr/bin/apt-synaptic	--	system_u:object_r:rpm_exec_t
 /usr/lib/rpm/rpmd	-- 	system_u:object_r:bin_t
 /usr/lib/rpm/rpmq	-- 	system_u:object_r:bin_t
 /usr/lib/rpm/rpmk	-- 	system_u:object_r:bin_t

In the long run apt should probably run in it's own domain with suitable
restrictions on the methods etc... but this all raises the question:
How are 3rd party packages supposed to ship their own policy settings in
a sane manner?

	- Panu -

Follow-Ups:
- Re: Dependency hell
  - From: Russell Coker

References:
- Dependency hell
  - From: Richard Hally
- Re: Dependency hell
  - From: Warren Togami

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]