[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Adobe Reader 7

Mike Hearn wrote:

On Mon, 11 Apr 2005 22:16:05 -0400, Daniel J Walsh wrote:

I means that acroread was not able to execute a shared library, because it was labeled incorrectly. If you could get autopackage to automatically call restorecon on all libraries as they get installed. A better way of going would be to make it SELinux aware. The install command and rpm have the restorecon capability built into them, so the file can get created with the correct context.

Yep, we have SELinux awareness on the TODO list. Right now I'm thinking of something that could go into a bugfix release (so minimal impact).

The install program is a part of coreutils, so the best solution is
probably to use that for now. Then we can have explicit labelling later.

One question: autopackage knows about the types of files (eg, executable,
shared library, man pages, info pages etc) - does it make sense to
automatically assign contexts based on that?

If you do a "make install prefix=/tmp/foo", do the files in /tmp/foo get
given the right contexts by the install program automatically? If so then
I guess just ensuring the contexts survive the packaging process would be
enough, rather than relabelling on the end users system.

The other concern I have is whether distributions policies will be
compatible enough, eg if one distro calls it shlib_t and another calls it
elfdso_t. It doesn't seem to be a problem right now, but in future ...

Yes the Fedora Install program will call matchpathcon which reads the currently installed "file context" file
so the files will get labeled correctly. As you point out knowing a file is a shared library does not necessarily
indicate which context to use. Using install would probably be your best solution.

thanks -mike

fedora-selinux-list mailing list
fedora-selinux-list redhat com


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]