Adobe Reader 7

Mike Hearn mike at navi.cx
Tue Apr 12 15:14:55 UTC 2005


On Mon, 11 Apr 2005 22:16:05 -0400, Daniel J Walsh wrote:
> I means that acroread was not able to execute a shared library, because 
> it was labeled incorrectly.    If you could get autopackage to 
> automatically call restorecon on all libraries as they get installed.  A 
> better way of going would be to make it SELinux aware.  The install 
> command and rpm have the restorecon capability built into them, so the 
> file can get created with the correct context.

Yep, we have SELinux awareness on the TODO list. Right now I'm thinking of
something that could go into a bugfix release (so minimal impact).

The install program is a part of coreutils, so the best solution is
probably to use that for now. Then we can have explicit labelling later.

One question: autopackage knows about the types of files (eg, executable,
shared library, man pages, info pages etc) - does it make sense to
automatically assign contexts based on that?

If you do a "make install prefix=/tmp/foo", do the files in /tmp/foo get
given the right contexts by the install program automatically? If so then
I guess just ensuring the contexts survive the packaging process would be
enough, rather than relabelling on the end users system.

The other concern I have is whether distributions policies will be
compatible enough, eg if one distro calls it shlib_t and another calls it
elfdso_t. It doesn't seem to be a problem right now, but in future ...

thanks -mike




More information about the fedora-selinux-list mailing list