glibc post upgrade
Daniel J Walsh
dwalsh at redhat.com
Mon Aug 23 18:27:13 UTC 2004
Stephen Smalley wrote:
>On Mon, 2004-08-23 at 12:56, Jeff Johnson wrote:
>
>>Yes, rpm_script_t is applied only for /bin/sh, not for other helpers
>>like /sbin/ldconfig, and
>>/usr/sbin/{glibc,libgcc}_post_upgrade, to name the other known helpers.
>>
>>I can certainly change that behavior, and have asked several times if I
>>should, with no answer.
>
>I think it should change. For now, I'd say just use rpm_script_t for
>all commands executed from the scriptlets specified in the spec file,
>whether run via an interpreter or as a direct executable. Note that on
>the policy side, the domain_trans(rpm_t, shell_exec_t, rpm_script_t)
>rule should be changed to include any of the possible entrypoint types.
>However, it should work even without that change in the Fedora policy,
>because the unlimitedRPM tunable is enabled by default.
>
I agree, make the change.
Dan