[DSE-Dev] refpolicy: patch for ldconfig from glibc 2.7, new patch
Christopher J. PeBenito
cpebenito at tresys.com
Tue Mar 4 19:39:44 UTC 2008
On Sat, 2008-03-01 at 14:54 +0000, Martin Orr wrote:
> On 29/02/08 16:32, Christopher J. PeBenito wrote:
> > On Fri, 2008-02-29 at 15:29 +0000, Martin Orr wrote:
> >> The attached patch is what I am using to deal with this. (I'm not sure if
> >> it should be apt_dontaudit_use_fds(ldconfig_t) or apt_use_fds(ldconfig_t)
> >> but dontaudit is what the Debian policy package uses.)
> >
> > You probably want to allow it otherwise ldconfig won't inherit the fds
> > that point to the apt pty. By denying the inheritance on an enforcing
> > system, fd 0,1,2 will be closed and reopened to /dev/null, so you lose
> > any ldconfig output.
>
> Here's an updated patch, with apt_use_fds(ldconfig_t). This also lets
> dpkg_t and dpkg_script_t use initrc ptys, so that se_dpkg works.
Merged.
> @@ -1,5 +1,5 @@
>
> -policy_module(apt,1.3.0)
> +policy_module(apt,1.3.1)
>
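Review bot: the version change on the policy_module(apt,1.3.0) line at the top of the file should be dropped from the submission. This hunk only applies while the tree still reads 1.3.0, so a version change made upstream in the meantime causes the hunk to be rejected even though the version number is unrelated to the policy change. Leave the policy_module line untouched and let the version be set at merge time.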
In the future please don't submit patches with module version changes.
It may change between the time you make the patch, and the time I apply
it, which may cause patches not to apply.
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150