SELinux and third party installers

Daniel J Walsh dwalsh at redhat.com
Mon Jan 3 16:07:27 UTC 2005


Mike Hearn wrote:

>On Mon, 03 Jan 2005 10:31:13 -0500, Daniel J Walsh wrote:
>
>>The file will receive the context of the parent directory. Linker
>>is probably running in unconfined_t so it will not have any problem.
>
>ldconfig doesn't though. Hmm.
>
ldconfig transitions to ldconfig_t and is only allowed to read certain 
files.

>>You should not have anything marked file_t unless they were created on a
>>machine that was not running SELinux. This indicates that you need a relabel.
>
>They're in my home directory. I did a "make relabel" when I enabled the
>targeted policy. Is that not enough?
>
Relabel should have been enough. What kind of file system is your
home directory?

>>Hopefully, good ideas usually get picked up by other distributions, of
>>course they might not think this is a good idea. :^)
>
>Yeah this makes it rather hard for 3rd parties to track what's going on
>here. Why can this stuff not all be done upstream and just merged with
>Fedora at regular intervals?
>
Because we have a chicken and the egg problem. Upstream does not care
for SELinux until people start to use it. So why would they put SELinux
changes in, if no one was using SELinux? Also upstream does not always
accept changes from the distros, so either the distro is forced to
carry that patch or drop the functionality.

>>Of course you could say that generally about differences between
>>distributions.
>
>I could, and I do. It's a major pain for all concerned.
>
>thanks -mike
>
>--
>fedora-selinux-list mailing list
>fedora-selinux-list at redhat.com
>http://www.redhat.com/mailman/listinfo/fedora-selinux-list
>  
>
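
Added example, not part of the original message or of any Fedora tool: a scan for files that still carry the `file_t` type, which the reply above says indicates a relabel is needed. It reads the `security.selinux` extended attribute directly; the function names, the default start directory, and the choice to also report files with no readable label are assumptions of this sketch.

```python
import os
import sys

XATTR = "security.selinux"  # xattr in which SELinux stores a file's context


def context_type(context):
    """Return the type field of a user:role:type[:level] context, or None."""
    parts = context.strip("\x00 \n").split(":")
    return parts[2] if len(parts) >= 3 else None


def needs_relabel(context):
    """True for a missing or malformed label, or one whose type is file_t."""
    if context is None:
        return True
    return context_type(context) in (None, "file_t")


def read_context(path):
    """Read the label without following symlinks; None if it cannot be read."""
    try:
        raw = os.getxattr(path, XATTR, follow_symlinks=False)
    except OSError:
        return None  # assumption: treat "no label available" like file_t
    return raw.decode("utf-8", "replace")


def scan(root):
    """Yield (path, context) for every entry under root that needs a relabel."""
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            ctx = read_context(path)
            if needs_relabel(ctx):
                yield path, ctx


if __name__ == "__main__":
    # Default to the home directory, the location discussed in the thread.
    root = sys.argv[1] if len(sys.argv) > 1 else os.path.expanduser("~")
    for path, ctx in scan(root):
        print(f"{ctx or '<no label>'}\t{path}")
```

An empty result under a home directory means every entry there has a type other than `file_t`; any hits are the files to relabel.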



