On Thu, 2004-12-30 at 21:05 +0000, Mike Hearn wrote:
> Hi,
>
> I have a couple of questions. The first is that in the FC3 targeted
> policy, it appears that ldconfig cannot write to user_home_t directories.
> Why is this? It appears to be a restriction with no purpose, and some
> programs rely on this to work. In fact I see from the archives that
> ldconfig not being able to write or search certain directories has come up
> before.

Can you explain why you have ldconfig writing to a home directory? Are
you doing the equivalent of "ldconfig > ~/install.log"?

> The second question is what impact SELinux will have on third party
> installers. It seems from the nVidia thread that currently if you copy
> files onto the system using "cp", this is the wrong way to do it and it
> will break people's SELinux setups. This surely cannot be correct: that'd
> break pretty much every third party installer (e.g. Loki Setup,
> etc.) out there!

My hope was that by modifying "install", we'd minimize the breakage. At
least all of the Automake-generated packages should work.

I had a quick look at two other ISV installers; HelixPlayer and Mozilla.
It appears neither uses "install", they both do the equivalent of cp.

The route we may need to go down is having a relabeling daemon that
monitors /usr/lib/, /usr/local/lib, etc. and fixes file contexts.