[DSE-Dev] refpolicy: patch for ldconfig from glibc 2.7, new patch

Christopher J. PeBenito cpebenito at tresys.com
Tue Mar 4 19:39:44 UTC 2008


On Sat, 2008-03-01 at 14:54 +0000, Martin Orr wrote:
> On 29/02/08 16:32, Christopher J. PeBenito wrote:
> > On Fri, 2008-02-29 at 15:29 +0000, Martin Orr wrote:
> >> The attached patch is what I am using to deal with this.  (I'm not sure if
> >> it should be apt_dontaudit_use_fds(ldconfig_t) or apt_use_fds(ldconfig_t)
> >> but dontaudit is what the Debian policy package uses.)
> > 
> > You probably want to allow it otherwise ldconfig won't inherit the fds
> > that point to the apt pty.  By denying the inheritance on an enforcing
> > system, fd 0,1,2 will be closed and reopened to /dev/null, so you lose
> > any ldconfig output.
> 
> Here's an updated patch, with apt_use_fds(ldconfig_t).  This also lets
> dpkg_t and dpkg_script_t use initrc ptys, so that se_dpkg works.

Merged.

> @@ -1,5 +1,5 @@
>  
> -policy_module(apt,1.3.0)
> +policy_module(apt,1.3.1)
>  
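Review bot: the changed line in this hunk is the policy_module(apt,...) version on line 1 of the file, so the hunk stops applying as soon as any other change bumps that version in the tree. Drop this hunk from the submission and leave the version number to be set at merge time.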

In the future please don't submit patches with module version changes.
It may change between the time you make the patch, and the time I apply
it, which may cause patches not to apply.

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
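
The effect described in the quoted review above (fds 0, 1 and 2 ending up on /dev/null when inheritance is denied) can be checked from inside the affected process. This is an added example, not part of the original message or of refpolicy; the function names `fd_is_dev_null` and `stdio_null_mask` are hypothetical.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: 1 if fd is the /dev/null character device,
 * 0 if it is something else, -1 if fd is not open or stat fails. */
int fd_is_dev_null(int fd)
{
    struct stat fs, ns;

    if (fstat(fd, &fs) != 0 || stat("/dev/null", &ns) != 0)
        return -1;
    /* Compare device numbers rather than paths: a descriptor that was
     * replaced behind the program's back was not opened by this path. */
    return S_ISCHR(fs.st_mode) && S_ISCHR(ns.st_mode) &&
           fs.st_rdev == ns.st_rdev;
}

/* Bitmask of stdio descriptors (bit 0 = stdin, 1 = stdout, 2 = stderr)
 * that currently point at the null device. */
int stdio_null_mask(void)
{
    int mask = 0;

    for (int fd = 0; fd <= 2; fd++)
        if (fd_is_dev_null(fd) == 1)
            mask |= 1 << fd;
    return mask;
}

int main(void)
{
    static const char *name[] = { "stdin", "stdout", "stderr" };
    int mask = stdio_null_mask();

    for (int fd = 0; fd <= 2; fd++)
        fprintf(stderr, "%s: %s\n", name[fd],
                (mask >> fd) & 1 ? "null device" : "not null device");
    /* The exit status carries the mask, so the result survives even
     * when stdout and stderr themselves are the null device. */
    return mask;
}
```

A nonzero exit status from a helper like this, run from a package maintainer script on an enforcing system, points at the lost-output case the review describes.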



