[DSE-Dev] SELinux release goals for Debian Jessie ?

Andreas Kuckartz a.kuckartz at ping.de
Thu Oct 3 21:04:58 UTC 2013

Laurent Bigonville:
>> But are there no better alternatives than calling restorecon? The
>> main use of that command is to "correct errors" (as the man page
>> says).
>> Wouldn't it be better to avoid those errors by correcting the
>> scripts ?
> That would requires changes in the repolicy (for the files created by
> initscripts) and some changes to dpkg code (I'm not even sure that
> this could be achieve that way) for the files installed by maintainer
> scripts.
> So here restorecon call is a correct way of doing things, even if it's
> maybe not the best. There are actually several initscript that are
> doing this ATM.
>> Are we aware of packages with such errors? So far I only know about
>> this one, because it is blocking #685992 :
>> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=687306
> There is also #678719

In these two issues the maintainers seem to explicitly dislike the

Perhaps they are more interested in the best way of doing things?

I suppose that rpm-based distributions using SELinux had to solve
similar issues.


More information about the SELinux-devel mailing list