[DSE-Dev] Bug#707214: refpolicy: Please handle new dpkg_script_t execution context

Guillem Jover guillem at debian.org
Wed May 8 09:30:57 UTC 2013

Source: refpolicy
Source-Version: 2:2.20110726-12
Severity: wishlist


I've reworked the SELinux support in dpkg (targetted at 1.17.0), and as
part of that I've added support for maintainer scripts running under a
different dpkg_script_t execution context [0]. I guess the SELinux policy
might need to be updated to take that into account.

[0] <http://anonscm.debian.org/gitweb/?p=dpkg/dpkg.git;a=commitdiff;h=99529be532e9bb6c0d4fda1d803588c64b8fa47a>

Also as part of the rework, I've improved the handling of policy updates
during a dpkg run [1], so that it reloads them when they change, for
example when a new policy package gets upgraded/installed. I'd
appreciate if people from the SELinux team could tell me if the code
in dpkg master works fine for you. (Embedding this request here, because
I guess you might need to use a new dpkg to test the new policy, and
also because alioth rejects my mails...)

[1] <http://anonscm.debian.org/gitweb/?p=dpkg/dpkg.git;a=commitdiff;h=866f5d2a9702da7b4e809b89c3f7df6933e97116>


More information about the SELinux-devel mailing list