[DSE-Dev] Bug#1068601: is this really a bug?

[Russell Coker]

The program dpkg is very important to Debian, but an unusual mount option 
(nosuid for /var) isn't so important.

You have found a workaround for your issue.

The possibilities for this moving forward are:

1) I could change the policy to allow this unconditionally for dpkg and the 
few other programs that might hit the same situation (boinc is one example).

2) Add a boolean for this.  This still requires some manual interaction but 
would be easier.

3) Just declare it not a bug and something that people can customise for 
themselves.  A non-suid /var is not something that happens accidentally or 
easily and the SE Linux policy change probably isn't the most difficult part 
of changing this.

-- 
My Main Blog         http://etbe.coker.com.au/
My Documents Blog    http://doc.coker.com.au/