SELinux and third party installers

Mike Hearn mike at navi.cx
Tue Jan 4 22:46:52 UTC 2005


On Tue, 04 Jan 2005 15:21:07 -0500, Colin Walters wrote:
> I can't think of any good ideas on a solution for this one at the
> moment.  Can you file a bugzilla?

Done: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=144190

> Depends how you define third party, but I know what you mean.

Well, Loki Setup, Mozilla installer, HelixPlayer, BitRock, Sun JVM scripts
etc. Basically installers that are built once and shipped with the app so
we can't really modify them later.

autopackage kind of sits in the middle. It's mostly separate from the
.package file itself and is downloaded automatically on first run. So it's
more like source tarballs because they can be modified after the fact by
rerunning the autotools chain.

> It's just as racy as prelink; actually less so because it doesn't
> actually change file content.

Prelink is just an optimisation, it can't actually stop apps working.
Whereas I think if libraries have the wrong context stuff will break.
 
> What specific race conditions do you see that we can't solve in
> userspace?

User installs RPM, it runs a program contained in the payload that links
to libraries also in the payload in a post-install script, that fails
because the libraries haven't been fixed yet. I.e. there's a gap between the
time the library becomes available to apps and the time at which the
daemon gets around to fixing it.

I may be horribly misunderstanding what you're proposing though ...

thanks -mike



