On Mon, 11 Apr 2005 22:16:05 -0400, Daniel J Walsh wrote:
I means that acroread was not able to execute a shared library,
because
it was labeled incorrectly. If you could get autopackage to
automatically call restorecon on all libraries as they get installed. A
better way of going would be to make it SELinux aware. The install
command and rpm have the restorecon capability built into them, so the
file can get created with the correct context.
Yep, we have SELinux awareness on the TODO list. Right now I'm thinking of
something that could go into a bugfix release (so minimal impact).
The install program is a part of coreutils, so the best solution is
probably to use that for now. Then we can have explicit labelling later.
One question: autopackage knows about the types of files (eg, executable,
shared library, man pages, info pages etc) - does it make sense to
automatically assign contexts based on that?
If you do a "make install prefix=/tmp/foo", do the files in /tmp/foo get
given the right contexts by the install program automatically? If so then
I guess just ensuring the contexts survive the packaging process would be
enough, rather than relabelling on the end users system.
The other concern I have is whether distributions policies will be
compatible enough, eg if one distro calls it shlib_t and another calls it
elfdso_t. It doesn't seem to be a problem right now, but in future ...
thanks -mike