Dependency hell

Panu Matilainen pmatilai at welho.com
Mon Apr 5 19:43:22 UTC 2004


On Sat, 2004-04-03 at 06:09, Warren Togami wrote:

> 2) apt-get upgrade (but not dist-upgrade) avoids the missing pieces 
> automatically.  All the way through FC2 test1 to current rawhide it has 
> worked for me in not leaving a broken system.  The current selinux 
> policy problem needs to be solved though.  Panu have you communicated 
> with the selinux people about this?

The quick and dirty fix is to put apt-get, apt-shell and synaptic into
the rpm_exec_t file context, e.g. apply this patch to the policy-sources and
relabel:

--- rpm.fc.orig	2004-04-05 22:28:45.000000000 +0300
+++ rpm.fc	2004-04-05 22:29:09.000000000 +0300
@@ -3,6 +3,9 @@
 /var/lib(64)?/alternatives(/.*)?	system_u:object_r:rpm_var_lib_t
 /bin/rpm 		--	system_u:object_r:rpm_exec_t
 /usr/bin/yum 		--	system_u:object_r:rpm_exec_t
+/usr/bin/apt-get	--	system_u:object_r:rpm_exec_t
+/usr/bin/apt-shell	--	system_u:object_r:rpm_exec_t
+/usr/bin/apt-synaptic	--	system_u:object_r:rpm_exec_t
 /usr/lib/rpm/rpmd	-- 	system_u:object_r:bin_t
 /usr/lib/rpm/rpmq	-- 	system_u:object_r:bin_t
 /usr/lib/rpm/rpmk	-- 	system_u:object_r:bin_t
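Review bot: the third added entry labels /usr/bin/apt-synaptic, while the message names the tool as plain "synaptic". A file context entry only takes effect when its path matches the installed binary, so confirm where synaptic actually installs and correct the path if it differs; otherwise that binary keeps its default label after the relabel and will not transition into the rpm domain. Separately, all three added lines reuse rpm_exec_t, which gives these front ends the same privileges as rpm and yum. A short comment in rpm.fc marking the entries as temporary, until apt has its own domain, would keep the stopgap from becoming permanent policy.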

In the long run apt should probably run in its own domain with suitable
restrictions on the methods etc... but this all raises the question:
How are 3rd party packages supposed to ship their own policy settings in
a sane manner?

	- Panu -




