how does rpm work under Selinux

Stephen Smalley sds at
Wed Jun 1 11:33:01 UTC 2005

On Wed, 2005-06-01 at 04:01 +0200, Rudi Chiarito wrote:
> No matter how tempting, that also sounds like a perfect way for a rogue
> package to subvert the whole SELinux scheme, overriding the
> preinstalled policy, right?

rpm is trusted at present in Fedora.  There have been discussions of
limiting it, e.g. having it transition to different domains and using
different file contexts depending on some measure of the
"trustworthiness" of the package, but no progress there yet.  You just
have the traditional signature verification support at present.

Stephen Smalley
National Security Agency

More information about the fedora-selinux-list mailing list