SELinux and third party installers
Mike Hearn
mike at navi.cx
Fri Dec 31 13:42:48 UTC 2004
On Thu, 30 Dec 2004 22:52:02 -0500, Daniel J Walsh wrote:
> The problem is that sometimes files like shared libraries need a different
> file context (shlib_t)
> than the directory they are being copied to (lib_t). RPM and now
> install have the smarts to handle this. mv and cp do not.
I see. What happens if you create a file in a lib_t directory using the
standard POSIX APIs? I looked at the Loki setup sources and it doesn't use
"cp" directly of course, it just opens files and copies them using a
read/write loop.
What happens if a library is put in a directory that isn't lib_t, and the
DSO is not marked as shlib_t? Does the linker refuse to link it? Or is it
just that ldconfig cannot read them?
I have a game here where it uses libraries marked as file_t, and it seems
to work when using LD_LIBRARY_PATH which makes me happier :)
Most third party programs do not rely on the linker cache anyway, so I
suppose this is a good thing.
> What do you base this on? Fedora is where most of the SELinux
> development has been going on.
Yes, I mean it's hard to find out how Fedora differs from Debian or Gentoo
SELinux-wise. If I use "install" does this only work on Fedora? Or is this
something that will eventually be merged into other distributions too?
What about the pam_selinux module, is that used elsewhere or on other
distros must I remember to use the SELinux su equivalent as well? (I
forgot its name ...)
thanks -mike
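
An added illustration of the labeling mismatch this message discusses, not code from the thread or from any SELinux tool: it compares the type each installed file carries with the type that file_contexts-style rules expect for its path. The rules, paths and labels are constructed, the installed files are assumed to have taken their parent directory's type, and "last matching rule wins" is a simplification of the real lookup order.

```python
import re

# Constructed file_contexts-style rules (regex, optional file-type flag, context); not a real policy.
FILE_CONTEXTS = r"""
/opt/game(/.*)?                        system_u:object_r:lib_t
/opt/game/lib/.*\.so(\.[^/]*)*    --   system_u:object_r:shlib_t
"""

def parse_rules(text):
    """Return (compiled regex, flag or None, context) for each rule line."""
    rules = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        flag = fields[1] if len(fields) == 3 else None
        rules.append((re.compile(fields[0]), flag, fields[-1]))
    return rules

def type_of(context):
    return context.split(":")[2]  # third field of user:role:type

def expected_context(rules, path, is_regular_file=True):
    """Context the rules assign to path (assumption: last matching rule wins)."""
    result = None
    for regex, flag, context in rules:
        if flag == "--" and not is_regular_file:
            continue  # "--" limits a rule to regular files
        if regex.fullmatch(path):  # file_contexts patterns match the whole path
            result = context
    return result

def audit_install(rules, installed):
    """Map each mislabeled path to (actual type, expected type)."""
    mismatches = {}
    for path, actual in installed.items():
        wanted = expected_context(rules, path)
        if wanted and type_of(wanted) != type_of(actual):
            mismatches[path] = (type_of(actual), type_of(wanted))
    return mismatches

# Constructed labels after an installer's read/write copy loop, assuming each
# new file took the type of its parent directory (lib_t).
INSTALLED = {
    "/opt/game/lib/libengine.so.1": "root:object_r:lib_t",
    "/opt/game/lib/README": "root:object_r:lib_t",
}
RULES = parse_rules(FILE_CONTEXTS)
MISMATCHES = audit_install(RULES, INSTALLED)
```

On a live system, `restorecon -n -v` on the install directory reports the same kind of difference without changing any labels.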