[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: how does rpm work under Selinux

From: Stephen Smalley <sds tycho nsa gov>
To: Rudi Chiarito <nutello sweetness com>
Cc: Mike Hearn <mike navi cx>, fedora-selinux-list redhat com
Subject: Re: how does rpm work under Selinux
Date: Wed, 01 Jun 2005 07:33:01 -0400

On Wed, 2005-06-01 at 04:01 +0200, Rudi Chiarito wrote:
> No matter how tempting, that also sounds like a perfect way for a rogue
> package to subvert the whole SELinux scheme, overriding the
> preinstalled policy, right?

rpm is trusted at present in Fedora.  There have been discussions of
limiting it, e.g. having it transition to different domains and using
different file contexts depending on some measure of the
"trustworthiness" of the package, but no progress there yet.  You just
have the traditional signature verification support at present.

-- 
Stephen Smalley
National Security Agency

References:
- Re: how does rpm work under Selinux
  - From: Rudi Chiarito

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]