[DSE-Dev] Bug#707214: refpolicy: Please handle new dpkg_script_t execution context

Guillem Jover guillem at debian.org
Sun Dec 22 04:32:12 UTC 2013


On Sun, 2013-12-22 at 02:26:44 +0100, Laurent Bigonville wrote:
> I quickly tried, and when the package is installed (dpkg -i) the
> maintainer script is properly transitioned to "dpkg_script_t".

Ah, good.

> dpkg-reconfigure is OTOH not transitioning the maintainer script to its
> own context, I guess it also should be the case here?

Right, a bug would need to be filed for debconf. You are probably in a
better position to file it, and test possible implementations, would
you mind?

> Otherwise I think that the policy already has support for the
> dpkg_script_t execution context, or did you have something specific in
> mind?

Yeah, but it seemed incomplete/partial or just with some workarounds
to handle the missing dpkg_script_t support in dpkg. See for example
the TODO item or the “Use named file transition to fix this” comment
in «policy/modules/contrib/dpkg.te». Maybe there's other things that
could be improved or refined now in the policy? I don't know. :)

