Adobe Reader 7
Mike Hearn
mike at navi.cx
Tue Apr 12 15:14:55 UTC 2005
On Mon, 11 Apr 2005 22:16:05 -0400, Daniel J Walsh wrote:
> I means that acroread was not able to execute a shared library, because
> it was labeled incorrectly. If you could get autopackage to
> automatically call restorecon on all libraries as they get installed. A
> better way of going would be to make it SELinux aware. The install
> command and rpm have the restorecon capability built into them, so the
> file can get created with the correct context.
Yep, we have SELinux awareness on the TODO list. Right now I'm thinking of
something that could go into a bugfix release (so minimal impact).
The install program is a part of coreutils, so the best solution is
probably to use that for now. Then we can have explicit labelling later.
One question: autopackage knows about the types of files (eg, executable,
shared library, man pages, info pages etc) - does it make sense to
automatically assign contexts based on that?
If you do a "make install prefix=/tmp/foo", do the files in /tmp/foo get
given the right contexts by the install program automatically? If so then
I guess just ensuring the contexts survive the packaging process would be
enough, rather than relabelling on the end users system.
The other concern I have is whether distributions policies will be
compatible enough, eg if one distro calls it shlib_t and another calls it
elfdso_t. It doesn't seem to be a problem right now, but in future ...
thanks -mike
More information about the fedora-selinux-list
mailing list