Adobe Reader 7

Daniel J Walsh dwalsh at redhat.com
Tue Apr 12 15:33:12 UTC 2005


Mike Hearn wrote:

>On Mon, 11 Apr 2005 22:16:05 -0400, Daniel J Walsh wrote:
>  
>
>>It means that acroread was not able to execute a shared library, because 
>>it was labeled incorrectly.    If you could get autopackage to 
>>automatically call restorecon on all libraries as they get installed.  A 
>>better way of going would be to make it SELinux aware.  The install 
>>command and rpm have the restorecon capability built into them, so the 
>>file can get created with the correct context.
>>    
>>
>
>Yep, we have SELinux awareness on the TODO list. Right now I'm thinking of
>something that could go into a bugfix release (so minimal impact).
>
>The install program is a part of coreutils, so the best solution is
>probably to use that for now. Then we can have explicit labelling later.
>
>One question: autopackage knows about the types of files (eg, executable,
>shared library, man pages, info pages etc) - does it make sense to
>automatically assign contexts based on that?
>
>If you do a "make install prefix=/tmp/foo", do the files in /tmp/foo get
>given the right contexts by the install program automatically? If so then
>I guess just ensuring the contexts survive the packaging process would be
>enough, rather than relabelling on the end user's system.
>
>The other concern I have is whether distributions' policies will be
>compatible enough, eg if one distro calls it shlib_t and another calls it
>elfdso_t. It doesn't seem to be a problem right now, but in future ...
>
>  
>
Yes, the Fedora Install program will call matchpathcon, which reads the
currently installed "file context" file, so the files will get labeled
correctly. As you point out, knowing a file is a shared library does not
necessarily indicate which context to use. Using install would probably
be your best solution.

>thanks -mike
>


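An added example (not part of the original messages, and not libselinux or coreutils code) modelling the path-based lookup discussed in this thread: the context comes from matching the install path against file-context entries, so the same shared library resolves differently under different prefixes. The entries are constructed, and "last matching entry wins" is a simplifying assumption about the lookup order.

```python
import re

# Constructed sample in file_contexts syntax: <regex> [<file type>] <context>.
# Entries are illustrative only, not copied from any distribution's policy.
SAMPLE_FILE_CONTEXTS = r"""
/.*                            system_u:object_r:default_t
/tmp(/.*)?                     system_u:object_r:tmp_t
/usr(/.*)?                     system_u:object_r:usr_t
/usr/lib(/.*)?                 system_u:object_r:lib_t
/usr/lib/.*\.so(\.[^/]*)*  --  system_u:object_r:shlib_t
/usr/bin(/.*)?                 system_u:object_r:bin_t
"""


def parse_file_contexts(text):
    """Return a list of (compiled regex, file type or None, context)."""
    specs = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if len(fields) not in (2, 3):
            raise ValueError(f"malformed entry: {line!r}")
        file_type = fields[1] if len(fields) == 3 else None  # "--" = regular file
        specs.append((re.compile(fields[0]), file_type, fields[-1]))
    return specs


def lookup_context(specs, path, file_type="--"):
    """Simplified model (assumption): the last matching entry in the file wins."""
    for regex, wanted_type, context in reversed(specs):
        if wanted_type in (None, file_type) and regex.fullmatch(path):
            return context
    return None


def contexts_for(paths, text=SAMPLE_FILE_CONTEXTS):
    """Map each path (treated as a regular file) to its looked-up context."""
    specs = parse_file_contexts(text)
    return {path: lookup_context(specs, path) for path in paths}


if __name__ == "__main__":
    # The same library under the final prefix and under a staging prefix.
    for path, ctx in contexts_for(
        ["/usr/lib/libfoo.so.1", "/tmp/foo/lib/libfoo.so.1", "/usr/bin/foo"]
    ).items():
        print(f"{path:28} {ctx}")
```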