[DSE-Dev] SELinux release goals for Debian Jessie ?

Andreas Kuckartz a.kuckartz at ping.de
Thu Oct 3 21:04:58 UTC 2013


Laurent Bigonville:
>> But are there no better alternatives than calling restorecon? The
>> main use of that command is to "correct errors" (as the man page
>> says).
>> Wouldn't it be better to avoid those errors by correcting the
>> scripts ?
>
> That would require changes in the refpolicy (for the files created by
> initscripts) and some changes to dpkg code (I'm not even sure that
> this could be achieved that way) for the files installed by maintainer
> scripts.
>
> So here the restorecon call is a correct way of doing things, even if it's
> maybe not the best. There are actually several initscripts that are
> doing this ATM.
>
>> Are we aware of packages with such errors? So far I only know about
>> this one, because it is blocking #685992 :
>> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=687306
>
> There is also #678719

In these two issues the maintainers seem to explicitly dislike the
"restorecon"-solution.

Perhaps they are more interested in the best way of doing things?

I suppose that rpm-based distributions using SELinux had to solve
similar issues.

Cheers,
Andreas


