how does rpm work under Selinux
Stephen Smalley
sds at tycho.nsa.gov
Wed Jun 1 11:33:01 UTC 2005
On Wed, 2005-06-01 at 04:01 +0200, Rudi Chiarito wrote:
> No matter how tempting, that also sounds like a perfect way for a rogue
> package to subvert the whole SELinux scheme, overriding the
> preinstalled policy, right?
rpm is trusted at present in Fedora. There have been discussions of
limiting it, e.g. having it transition to different domains and using
different file contexts depending on some measure of the
"trustworthiness" of the package, but no progress there yet. You just
have the traditional signature verification support at present.
--
Stephen Smalley
National Security Agency
More information about the fedora-selinux-list
mailing list