Dependency hell
Panu Matilainen
pmatilai at welho.com
Mon Apr 5 19:43:22 UTC 2004
On Sat, 2004-04-03 at 06:09, Warren Togami wrote:
> 2) apt-get upgrade (but not dist-upgrade) avoids the missing pieces
> automatically. All the way through FC2 test1 to current rawhide it has
> worked for me in not leaving a broken system. The current selinux
> policy problem needs to be solved though. Panu have you communicated
> with the selinux people about this?
The quick and dirty fix is to put apt-get, apt-shell and synaptic into
rpm_exec_t file context, e.g. apply this patch to the policy-sources and
relabel:
--- rpm.fc.orig 2004-04-05 22:28:45.000000000 +0300
+++ rpm.fc 2004-04-05 22:29:09.000000000 +0300
@@ -3,6 +3,9 @@
/var/lib(64)?/alternatives(/.*)? system_u:object_r:rpm_var_lib_t
/bin/rpm -- system_u:object_r:rpm_exec_t
/usr/bin/yum -- system_u:object_r:rpm_exec_t
+/usr/bin/apt-get -- system_u:object_r:rpm_exec_t
+/usr/bin/apt-shell -- system_u:object_r:rpm_exec_t
+/usr/bin/apt-synaptic -- system_u:object_r:rpm_exec_t
/usr/lib/rpm/rpmd -- system_u:object_r:bin_t
/usr/lib/rpm/rpmq -- system_u:object_r:bin_t
/usr/lib/rpm/rpmk -- system_u:object_r:bin_t
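Review bot: The third added entry, /usr/bin/apt-synaptic, does not match the tool named in the message, which lists synaptic alongside apt-get and apt-shell; if the installed binary is not at exactly that path, the entry labels nothing and synaptic keeps its default context after the relabel. Confirm the installed path of each of the three binaries and correct the entry if needed. It would also help to mark the three lines in rpm.fc as a stopgap, since they give the apt front ends the same rpm_exec_t file context as /bin/rpm and /usr/bin/yum rather than a context of their own.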
In the long run apt should probably run in its own domain with suitable
restrictions on the methods etc... but this all raises the question:
How are 3rd party packages supposed to ship their own policy settings in
a sane manner?
- Panu -