[DSE-Dev] SELinux release goals for Debian Jessie ?
Andreas Kuckartz
a.kuckartz at ping.de
Thu Oct 3 09:40:47 UTC 2013
Laurent Bigonville:
> Good question, I still want to make enter the policy that, if a package
> is creating a file/directory in initscript or in a maintainer script,
> it ensures (read call restorecon) that the context on disk is correct.
>
> I've opened a bug about this (#685992) a while back, but never
> committed to make this happen. I guess that when/if this is happening,
> there will be some package that will need fixes. This could be a good
> selinux release goal I guess, even if it might be difficult to mesure
> the progression.
I have mentioned that here:
https://wiki.debian.org/ReleaseGoals/SELinux
But are there no better alternatives than calling restorecon? The main
use of that command is to "correct errors" (as the man page says).
Wouldn't it be better to avoid those errors by correcting the scripts ?
Are we aware of packages with such errors? So far I only know about
this one, because it is blocking #685992 :
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=687306
Cheers,
Andreas
More information about the SELinux-devel
mailing list